RHEL 2.1 : tcpdump (RHSA-2002:121)

high Nessus Plugin ID 12632

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated tcpdump, libpcap, and arpwatch packages are available. These updates close a buffer overflow in the handling of NFS packets.

tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that a bad NFS packet can trigger while tcpdump is tracing the network.

We are not yet aware whether this issue is fully exploitable; however, users of tcpdump are advised to upgrade to these errata packages, which contain a patch for this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0380 to this issue. This issue was found by David Woodhouse of Red Hat.

Solution

Update the affected arpwatch, libpcap and/or tcpdump packages.

See Also

https://access.redhat.com/security/cve/cve-2002-0380

https://access.redhat.com/errata/RHSA-2002:121

Plugin Details

Severity: High

ID: 12632

File Name: redhat-RHSA-2002-121.nasl

Version: 1.25

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:arpwatch, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:libpcap, p-cpe:/a:redhat:enterprise_linux:tcpdump

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 11/27/2002

Vulnerability Publication Date: 6/18/2002

Reference Information

CVE: CVE-2002-0380

RHSA: 2002:121