Debian

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in Debian Security Advisory DSA-478. Users are encouraged to review this advisory and apply the patches it refers to.

Fedora Project

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

Fedora Update Notification FEDORA-2004-120 2004-05-13 Name : tcpdump Version : 3.7.2 Release : 8.fc1.2 Summary : A network traffic monitoring tool. Description : Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. Update Information: Tcpdump is a command-line tool for monitoring network traffic. Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyond the end of the packet capture buffer and subsequently crash. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. * Wed May 12 2004 Harald Hoyer - 14:3.7.2-8.fc1.2 - CAN-2004-0183/0184 fixed This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ c11dc7a9af4766ca018405339f6e8b0d SRPMS/tcpdump-3.7.2-8.fc1.2.src.rpm f7de913568498b8b38788d2fc673162e i386/tcpdump-3.7.2-8.fc1.2.i386.rpm 13f09fefc188bfa47b0dc993eadabcd7 i386/libpcap-0.7.2-8.fc1.2.i386.rpm 5bdc0b8f388497e475b7091b5175c6c6 i386/arpwatch-2.1a11-8.fc1.2.i386.rpm 2545161afba66a197a54233349bc0285 x86_64/tcpdump-3.7.2-8.fc1.2.x86_64.rpm 343dea7f180e95f86b436fc42ce34c21 x86_64/libpcap-0.7.2-8.fc1.2.x86_64.rpm 1e50e97307551fabb2aba8f8c4cf635d x86_64/arpwatch-2.1a11-8.fc1.2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Gentoo Linux

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in Gentoo Linux Security Advisory GLSA 200404-03. Users are encouraged to review this advisory and apply the patches it refers to.

MandrakeSoft

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in Mandrakelinux Security Update Advisory MDKSA-2004:030. Users are encouraged to review this advisory and apply the patches it refers to.

OpenPKG

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information is available in OpenPKG Security Advisory OpenPKG-SA-2004.010. Users are encouraged to review this advisory and apply the patches it refers to.

Red Hat Inc.

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in Red Hat Security Advisory RHSA-2004:219. Users are encouraged to review this advisory and apply the patches it refers to.

SGI

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in SGI Advanced Linux Environment 2.4 security update #21and SGI Advanced Linux Environment 3 Security Update #3. Users are encouraged to review these advisories and apply the patches they refer to.

Slackware

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Slackware Security team has published Slackware Security Advisory SSA:2004-108 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.

SuSE Inc.

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in SuSE Security Announcement SuSE-SA:2004:011. Users are encouraged to review this advisory and apply the patches it refers to.

Trustix Secure Linux

Updated:  August 26, 2004

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

More information can be found in Trustix Secure Linux Security Advisory TSLSA-2004-0015. Users are encouraged to review this advisory and apply the patches it refers to.