首页 -> 安全研究
安全研究
安全漏洞
TCPDump畸形NFS包导致缓冲区溢出漏洞
发布日期:2002-05-30
更新日期:2002-06-05
受影响系统:
LBL tcpdump 3.6.2描述:
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- FreeBSD 4.3
- FreeBSD 4.2
- FreeBSD 4.1.1
- FreeBSD 4.1
- FreeBSD 4.0
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 x86
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 x86
- RedHat Linux 6.2 x86
- RedHat Linux 6.2
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 sparc
BUGTRAQ ID: 4890
CVE(CAN) ID: CVE-2002-0380
Tcpdump是一款命令行监视网络通信的工具。
Tcpdump在处理畸形NFS包时存在漏洞,可导致远程攻击者进行缓冲溢出攻击。
攻击者可以提交畸形超大的NFS数据包而导致tcpdump在处理时出现缓冲区溢出,精心构建NFS包可以导致攻击者以tcpdump进程的权限在系统上执行任意指令。
目前尚为发现利用程序存在。
<*来源:bugzilla (bugzilla@redhat.com)
链接:http://online.securityfocus.com/advisories/4169
http://www.suse.com/de/support/security/2002_020_tcpdump.html
https://www.redhat.com/support/errata/RHSA-2002-094.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 不要在不可信的网络上运行tcpdump。
厂商补丁:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2002:094-08)以及相应补丁:
RHSA-2002:094-08:Updated tcpdump packages fix buffer overflow
链接:https://www.redhat.com/support/errata/RHSA-2002-094.html
补丁下载:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/tcpdump-3.6.2-11.6.2.0.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/tcpdump-3.6.2-11.6.2.0.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/libpcap-0.6.2-11.6.2.0.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/arpwatch-2.1a11-11.6.2.0.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/tcpdump-3.6.2-11.6.2.0.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/libpcap-0.6.2-11.6.2.0.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/arpwatch-2.1a11-11.6.2.0.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/tcpdump-3.6.2-11.6.2.0.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/libpcap-0.6.2-11.6.2.0.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/arpwatch-2.1a11-11.6.2.0.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/tcpdump-3.6.2-11.7.0.0.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/tcpdump-3.6.2-11.7.0.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/libpcap-0.6.2-11.7.0.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/arpwatch-2.1a11-11.7.0.0.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/tcpdump-3.6.2-11.7.0.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/libpcap-0.6.2-11.7.0.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/arpwatch-2.1a11-11.7.0.0.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/tcpdump-3.6.2-11.7.1.0.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/tcpdump-3.6.2-11.7.1.0.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/libpcap-0.6.2-11.7.1.0.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/arpwatch-2.1a11-11.7.1.0.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/tcpdump-3.6.2-11.7.1.0.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/libpcap-0.6.2-11.7.1.0.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/arpwatch-2.1a11-11.7.1.0.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/tcpdump-3.6.2-11.7.1.0.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/libpcap-0.6.2-11.7.1.0.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/arpwatch-2.1a11-11.7.1.0.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/tcpdump-3.6.2-11.7.2.0.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.2-11.7.2.0.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/libpcap-0.6.2-11.7.2.0.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/arpwatch-2.1a11-11.7.2.0.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/tcpdump-3.6.2-11.7.2.0.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/libpcap-0.6.2-11.7.2.0.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/arpwatch-2.1a11-11.7.2.0.ia64.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
S.u.S.E.
--------
S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2002:020)以及相应补丁:
SuSE-SA:2002:020:tcpdump/libpcap
链接:http://www.suse.com/de/support/security/2002_020_tcpdump_txt.txt
补丁下载:
i386 Intel Platform:
SuSE-8.0
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-300.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/tcpdump-3.6.2-300.src.rpm
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/tcpdump-3.6.2-300.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/tcpdump-3.6.2-300.src.rpm
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/tcpdump-3.4a6-376.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/tcpdump-3.4a6-376.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/tcpdump-3.4a6-375.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/tcpdump-3.4a6-375.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/tcpdump-3.4a6-374.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/tcpdump-3.4a6-374.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-372.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tcpdump-3.4a6-372.src.rpm
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/tcpdump-3.6.2-58.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/tcpdump-3.6.2-58.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n1/tcpdump-3.4a6-318.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/tcpdump-3.4a6-318.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-318.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/tcpdump-3.4a6-318.src.rpm
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/tcpdump-3.4a6-329.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/tcpdump-3.4a6-329.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/tcpdump-3.4a6-330.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/tcpdump-3.4a6-330.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-330.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tcpdump-3.4a6-330.src.rpm
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/tcpdump-3.6.2-189.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/tcpdump-3.6.2-189.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/tcpdump-3.4a6-317.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/tcpdump-3.4a6-317.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-316.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/tcpdump-3.4a6-316.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-315.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tcpdump-3.4a6-315.src.rpm
补丁安装方法:
用“rpm -Fhv file.rpm”命令安装文件。
浏览次数:3843
严重程度:0(网友投票)
绿盟科技给您安全的保障