Mandrake Linux Security Advisory : tcpdump (MDKSA-2004:008)
High Nessus Plugin ID 14108
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include :
An infinite loop and memory consumption processing L2TP packets (CVE-2003-1029).
Infinite loops in processing ISAKMP packets (CVE-2003-0989, CVE-2004-0057).
A segmentation fault caused by a RADIUS attribute with a large length value (CVE-2004-0055).
The updated packages are patched to correct these problem.
SolutionUpdate the affected tcpdump package.