Date: Tue, 31 Oct 2000 18:28:31 -0800
From: Kris Kennaway
To: Borja Marcos
Cc: security-advisories@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump
Message-ID: <20001031182831.B18164@citusc17.usc.edu>

On Tue, Oct 31, 2000 at 09:11:01AM +0100, Borja Marcos wrote:
> FreeBSD Security Advisories wrote:
> >
> > Several overflowable buffers were discovered in the version of tcpdump
> > included in FreeBSD, during internal source code auditing. Some
> > simply allow the remote attacker to crash the local tcpdump process,
> > but there is a more serious vulnerability in the decoding of AFS ACL
> > packets in the more recent version of tcpdump (tcpdump 3.5) included
> > in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow
> > a remote attacker to execute arbitrary code on the local system
> > (usually root, since root privileges are required to run tcpdump).
>
> Something I love in FreeBSD: You don't need to be root.
> Just need permissions to access /dev/bpf?. Perhaps you could
> recommend running it as an ordinary user?

A non-root remote exploit is nearly as bad. Arguably better to just
fix it :-)

Kris