TCPDump ISAKMP Decoder Remote Denial of Service Vulnerability
Published: 2004-01-31
Updated: 2004-02-09
Affected systems:
LBL tcpdump 3.8.1
Description:
BUGTRAQ ID: 9507
CVE(CAN) ID: CVE-2003-0989
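Tcpdump is a command-line tool for monitoring network traffic.
When tcpdump receives a malformed ISAKMP packet it enters an infinite loop and the program crashes. A remote attacker can use this vulnerability to carry out a denial of service attack.
Although unconfirmed, arbitrary command execution may be possible. No detailed vulnerability information is currently available.
<*Source: George Bakos
Links: http://www.linux-mandrake.com/en/security/2004/2004-008.php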
http://www.debian.org/security/2004/dsa-425
https://www.redhat.com/support/errata/RHSA-2004-007.html
*>
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-425-1) and corresponding patches for this issue:
DSA-425-1:New tcpdump packages fix multiple vulnerabilities
Link: http://www.debian.org/security/2002/dsa-425
Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7.dsc
Size/MD5 checksum: 587 fc666bc6c77312ce601782871bde22a1
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7.diff.gz
Size/MD5 checksum: 12091 8453e6103104e509ab52adb0ed1bbd37
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
Size/MD5 checksum: 380635 6bc8da35f9eed4e675bfdf04ce312248
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_alpha.deb
Size/MD5 checksum: 214088 90f363cde67deec9e56bf827bf1f9e8e
ARM architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_arm.deb
Size/MD5 checksum: 180028 e0fb2e07c499544aafbec0bbf1f853c8
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_i386.deb
Size/MD5 checksum: 169896 d6e159ea45a8663a31bdcbecc83ac3fa
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_ia64.deb
Size/MD5 checksum: 247376 34ca33e36d7c85c8401e1fc04ae0b295
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_hppa.deb
Size/MD5 checksum: 196120 1edd4cc6f1a5ec98aa3210893b26870b
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_m68k.deb
Size/MD5 checksum: 157854 b798473fd9ec1d4c1d0ca1d34450e061
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_mips.deb
Size/MD5 checksum: 189302 bc5fc61607359b857996af3b7cd1759f
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_mipsel.deb
Size/MD5 checksum: 193268 961b6b8d7e70ae97722759b8049445b1
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_powerpc.deb
Size/MD5 checksum: 177184 8ac3abd34f1131c0cd2fadc21b92deae
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_s390.deb
Size/MD5 checksum: 174738 533d1cea1cb982cf252900ee8f2d0604
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_sparc.deb
Size/MD5 checksum: 179666 a4e039dc8f12be45b144bd731e1d713c
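Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade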
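The Debian download list above pairs each URL with a "Size/MD5 checksum" line. As an added example (not part of the original advisory or of Debian's tooling), the shell function below checks manually downloaded files against that layout before "dpkg -i" is run; the name verify_manifest, the manifest file and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR  (hypothetical helper, not a Debian tool)
# MANIFEST holds lines in the advisory's layout: a download URL followed by
# "Size/MD5 checksum: <bytes> <md5>". Each file is looked up in DIR by the
# URL's base name. Succeeds only if every listed file matches size and MD5.
verify_manifest() (
    manifest=$1; dir=$2; name=""; rc=0; checked=0
    while IFS= read -r line; do
        case $line in
            http://*|https://*|ftp://*)
                name=${line##*/} ;;
            "Size/MD5 checksum:"*)
                if [ -z "$name" ]; then
                    echo "checksum line without a preceding URL" >&2
                    rc=1; continue
                fi
                set -- ${line#Size/MD5 checksum:}   # split into size and md5
                size=$1; md5=$2; path=$dir/$name
                if [ ! -f "$path" ]; then
                    echo "MISSING  $name" >&2; rc=1
                elif [ "$(wc -c <"$path" | tr -d ' ')" != "$size" ]; then
                    echo "BAD SIZE $name" >&2; rc=1
                elif [ "$(md5sum "$path" | cut -d' ' -f1)" != "$md5" ]; then
                    echo "BAD MD5  $name" >&2; rc=1
                else
                    echo "OK       $name"
                fi
                checked=$((checked + 1)); name="" ;;
        esac
    done <"$manifest"
    # An empty or unparsable manifest must not count as a pass.
    [ "$checked" -gt 0 ] && [ "$rc" -eq 0 ]
)

# Constructed sample: a 3-byte stand-in file and a two-line manifest.
demo=$(mktemp -d)
printf 'abc' >"$demo/example_1.0_i386.deb"
printf '%s\n' 'http://example.invalid/pool/example_1.0_i386.deb' \
    'Size/MD5 checksum: 3 900150983cd24fb0d6963f7d28e17f72' >"$demo/manifest.txt"
verify_manifest "$demo/manifest.txt" "$demo" && echo "all files match; proceed to dpkg -i"
rm -rf "$demo"
```

MD5 is no longer collision-resistant, so a match here shows that a download is complete and uncorrupted rather than proving where it came from.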
MandrakeSoft
------------
http://www.debian.org/security/2004/dsa-425
RedHat
------
RedHat has released a security advisory (RHSA-2004:007-01) and corresponding patches for this issue:
RHSA-2004:007-01:Updated tcpdump packages fix various vulnerabilities
Link: https://www.redhat.com/support/errata/RHSA-2004-007.html
Patch downloads:
Red Hat Linux 7.2:
SRPMS:
http://download.fedoralegacy.org/redhat/7.2/updates/SRPMS/tcpdump-3.6.3-17.7.2.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.2/updates/i386/tcpdump-3.6.3-17.7.2.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/libpcap-0.6.2-17.7.2.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/arpwatch-2.1a11-17.7.2.4.legacy.i386.rpm
Red Hat Linux 7.3:
SRPMS:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/tcpdump-3.6.3-17.7.3.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/tcpdump-3.6.3-17.7.3.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libpcap-0.6.2-17.7.3.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/arpwatch-2.1a11-17.7.3.4.legacy.i386.rpm
Red Hat Linux 8.0:
SRPMS:
http://download.fedoralegacy.org/redhat/8.0/updates/SRPMS/tcpdump-3.6.3-17.8.0.5.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/8.0/updates/i386/tcpdump-3.6.3-17.8.0.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/libpcap-0.6.2-17.8.0.5.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/arpwatch-2.1a11-17.8.0.5.legacy.i386.rpm
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2004:002) and corresponding patches for this issue:
SuSE-SA:2004:002:tcpdump
Link:
Patch downloads:
i386 Intel Platform:
SuSE-9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/tcpdump-3.7.2-72.i586.rpm
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/tcpdump-3.7.2-72.i586.patch.rpm
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/tcpdump-3.7.2-72.src.rpm
SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/tcpdump-3.7.1-341.i586.rpm
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/tcpdump-3.7.1-341.i586.patch.rpm
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/tcpdump-3.7.1-341.src.rpm
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/tcpdump-3.7.1-341.i586.rpm
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/tcpdump-3.7.1-341.i586.patch.rpm
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/tcpdump-3.7.1-341.src.rpm
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-330.i386.rpm
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-330.i386.patch.rpm
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/tcpdump-3.6.2-330.src.rpm
Opteron x86_64 Platform:
SuSE-9.0:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/tcpdump-3.7.2-68.x86_64.rpm
patch rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/tcpdump-3.7.2-68.x86_64.patch.rpm
source rpm(s):
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/tcpdump-3.7.2-68.src.rpm
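Patch installation:
Install the file with the command "rpm -Fhv file.rpm". When that completes, if the rsync service is started by inetd, send a signal to the inetd process to restart it. If rsync was started with the command "rsync --daemon", use that command again to restart the rsync service.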