View Full Version : USN-492-1: tcpdump vulnerability

July 31st, 2007, 10:10 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-492-1 July 30, 2007 tcpdump vulnerability CVE-2007-3798 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: tcpdump 3.9.4-2ubuntu0.2 Ubuntu 6.10: tcpdump 3.9.4-4ubuntu0.2 Ubuntu 7.04: tcpdump 3.9.5-2ubuntu1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the BGP dissector of tcpdump. Remote attackers could send specially crafted packets and execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-492-1)