Synopsis: Moderate: tcpdump security and bug fix update
CVE Names: CVE-2007-1218 CVE-2007-3798

Problem description:

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11 processing code. If a certain link type was explicitly specified, an attacker could inject a carefully crafted frame onto the IEEE 802.11 network that could crash a running tcpdump session. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An attacker could execute arbitrary code with the privilege of the pcap user by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed:

* The arpwatch service initialization script would exit prematurely, returning an incorrect successful exit status and preventing the status command from running in case networking is not available.

* Tcpdump would not drop root privileges completely when launched with the -C option. This might have been abused by an attacker to gain root privileges in case a security problem was found in tcpdump. Users of tcpdump are encouraged to specify meaningful arguments to the -Z option in case they want tcpdump to write files with privileges other than of the pcap user.

SL5.x

SRPMS:
tcpdump-3.9.4-11.el5.src.rpm

i386:
arpwatch-2.1a13-18.el5.i386.rpm
libpcap-0.9.4-11.el5.i386.rpm
tcpdump-3.9.4-11.el5.i386.rpm

x86_64:
arpwatch-2.1a13-18.el5.x86_64.rpm
libpcap-0.9.4-11.el5.i386.rpm
libpcap-0.9.4-11.el5.x86_64.rpm
tcpdump-3.9.4-11.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson
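To check a host against the package builds listed above, the following added example (not part of the original advisory) compares installed version-release strings with the fixed ones. It assumes input produced by the rpm query shown in the comment; the sample lines are constructed, and the comparison is a simplified form of rpm's segment ordering without epoch or tilde handling.

```python
import re

# Fixed version-release per package, taken from the advisory's SL5.x list.
FIXED = {
    "tcpdump": "3.9.4-11.el5",
    "libpcap": "0.9.4-11.el5",
    "arpwatch": "2.1a13-18.el5",
}

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare runs of digits and runs of letters."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(rpm_lines):
    """Return (name, installed, fixed) for packages older than the advisory builds."""
    hits = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        name, vr, arch = parts
        if vr_cmp(vr, FIXED[name]) < 0:
            hits.append((name, f"{vr}.{arch}", FIXED[name]))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
# The multilib libpcap pair mirrors the x86_64 package list above.
SAMPLE = """tcpdump 3.9.4-8.1 x86_64
libpcap 0.9.4-11.el5 i386
libpcap 0.9.4-8.1 x86_64
arpwatch 2.1a13-18.el5 x86_64
bash 3.1-16.1 x86_64
"""

if __name__ == "__main__":
    for name, have, want in outdated(SAMPLE):
        print(f"{name}: installed {have}, advisory build is {want}")
```

On x86_64 hosts both libpcap architectures need to be at the fixed build, which is why the check reports per-architecture rather than per-name.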