CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
87.2%
Tcpdump version 3.5 contains a buffer overflow vulnerability permitting unauthorized remote root access.
Tcpdump version 3.5 added support for handling AFS packets. Unfortunately the code responsible for printing AFS access control lists contains an unchecked buffer that can be overflowed by a remote attacker by sending a crafted AFS packet into the target network. Any machine on the target network that is running tcpdump with a large (> ~500) snaplen argument when the hostile packet arrives can be made to execute arbitrary code. Since tcpdump requires root privileges in order to run, the arbitrary code will also run with root privileges. Fixed in version 3.6.1.
Note that a program that successfully exploits this vulnerability was publicly released on the BugTraq mailing list on January 11, 2001.
Attackers can remotely execute arbitrary code with root privileges on a vulnerable host.
Upgrade to version 3.6.1 or greater.
Filter incoming dst UDP 7000 packets from untrusted networks. Exclude dst UDP 7000 packets from tcpdump capture, e.g. “tcpdump not udp dst port 7000”.
776781
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: June 21, 2001
Affected
See <ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61,tcpdump.v1.1.asc>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23776781 Feedback>).
Updated: June 21, 2001
Affected
See <http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-056.php3?dis=7.2>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23776781 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
First public disclosure by [email protected] and the !Hispahack Research Team.
CVE IDs: | CVE-2000-1026 |
---|---|
Severity Metric: | 16.03 Date Public: |