VUPEN Security - Mandriva Security Update Fixes Tcpdump Remote Code Execution Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Tcpdump Remote Code Execution Vulnerability

Title : Mandriva Security Update Fixes Tcpdump Remote Code Execution Vulnerability
VUPEN ID : VUPEN/ADV-2007-2648
CVE ID : CVE-2007-3798
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-26

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Tcpdump. For additional information, see : VUPEN/ADV-2007-2578

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
73a03979bbb0fef6ecca9cfea8c15293 2007.0/i586/tcpdump-3.9.4-1.2mdv2007.0.i586.rpm
767f8fbcc96602d5e85c1131ca789323 2007.0/SRPMS/tcpdump-3.9.4-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
043b7ecea174ab02b651b78a4d163249 2007.0/x86_64/tcpdump-3.9.4-1.2mdv2007.0.x86_64.rpm
767f8fbcc96602d5e85c1131ca789323 2007.0/SRPMS/tcpdump-3.9.4-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
2d152372297a0797eb2f91d5eea15d31 2007.1/i586/tcpdump-3.9.5-1.1mdv2007.1.i586.rpm
15ded4bd5c5d5dfce05348c7eed0a456 2007.1/SRPMS/tcpdump-3.9.5-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
0d2602af49e234dbff3cc1cb4f782981 2007.1/x86_64/tcpdump-3.9.5-1.1mdv2007.1.x86_64.rpm
15ded4bd5c5d5dfce05348c7eed0a456 2007.1/SRPMS/tcpdump-3.9.5-1.1mdv2007.1.src.rpm

Corporate 3.0:
3649b10b9d8b03982e40d461bf5f8733 corporate/3.0/i586/tcpdump-3.8.1-1.4.C30mdk.i586.rpm
ec63bb0a8bc2ea06f5f2218c5e0528b7 corporate/3.0/SRPMS/tcpdump-3.8.1-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
254d9a3f816f759bacc42e5f24bbc895 corporate/3.0/x86_64/tcpdump-3.8.1-1.4.C30mdk.x86_64.rpm
ec63bb0a8bc2ea06f5f2218c5e0528b7 corporate/3.0/SRPMS/tcpdump-3.8.1-1.4.C30mdk.src.rpm

Corporate 4.0:
51de8a617eeb1ee78dc0c86999911e20 corporate/4.0/i586/tcpdump-3.9.3-1.4.20060mlcs4.i586.rpm
7228692328e815bdd36c34c9c205fd0a corporate/4.0/SRPMS/tcpdump-3.9.3-1.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
28924494741b88fd6b3dfdd924e08a96 corporate/4.0/x86_64/tcpdump-3.9.3-1.4.20060mlcs4.x86_64.rpm
7228692328e815bdd36c34c9c205fd0a corporate/4.0/SRPMS/tcpdump-3.9.3-1.4.20060mlcs4.src.rpm

References

http://www.vupen.com/english/advisories/2007/2648
http://archives.mandrivalinux.com/security-announce/2007-07/msg00018.php

ChangeLog

2007-07-26 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-17

F5 BIG-IP SAM Active Template Library Code Execution Vulnerabilities

>> 2010-03-17

F5 FirePass Active Template Library Code Execution Vulnerabilities

>> 2010-03-17

SAP MaxDB Handshake Request Remote Buffer Overflow Vulnerability

>> 2010-03-17

Windisc Banzhaf File Processing Buffer Overflow Vulnerability

>> 2010-03-17

Redhat Security Update Fixes Kernel Multiple Vulnerabilities

More Informations