From: twig les
Date: Thu, 6 Mar 2003 15:49:52 -0800 (PST)
To: freebsd-questions@freebsd.org
Subject: Re: TCPDump version in base?
Message-ID: <20030306234952.51661.qmail@web10106.mail.yahoo.com>
In-Reply-To: <20030307122620.L59121@a2.scoop.co.nz>

This is a good point. Do I have to upgrade? The team hasn't put out an
advisory but we actively use a few FreeBSD boxes for sniffing so pardon
my impatience.

> Since tcpdump has moved into the freebsd core distribution it's
> doubtful whether the tcpdump version number as such is all that
> meaningful anyway.
>
> Andrew
>
> On Thu, 6 Mar 2003, twig les wrote:
>
> > Date: Thu, 6 Mar 2003 14:53:41 -0800 (PST)
> > From: twig les
> > To: freebsd-security@FreeBSD.ORG
> > Subject: TCPDump version in base?
> >
> > Hey all, maybe I'm missing something but I can't seem to find
> > the version of tcpdump that I'm running. After searching the
> > massive man page and doing a quick "pkg_info | grep tcpdump" to
> > make sure no info was available before posting, I don't know if
> > I'm vulnerable. Does anyone know how to glean the version
> > number from tcpdump?
> >
> > For those who are wondering wth I'm blathering about regarding
> > tcpdump's vulnerability, this SANS blurb should clarify:
> >
> > Tcpdump versions prior to 3.7.2 contain a denial of service in
> > the decoding of ISAKMP packets. This allows a remote attacker to
> > spoof a malicious UDP packet that, when read by a vulnerable
> > tcpdump application, will cause tcpdump to enter an infinite loop.
> >
> > This vulnerability is confirmed and fixed in version 3.7.2,
> > available from:
> > http://www.tcpdump.org/
> >
> > =====
> > Know yourself and know your enemy and you will never fear defeat.
>
> Andrew McNaughton