Snort TCPDUMP security issue

ska007 · Jul 20, 2007, 11:44 AM

Hello,

there might be a security risk in tcpdump which is shown below:

http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12

http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c

Is the bsd system (pfsense) affected by this problem with the tcpdump interface ?

Thanks in advance.

SKA

sullrich · Jul 21, 2007, 7:15 PM

Doubt it. That exploit appears to target bgp and it is geared against linux? The exploit will not even compile on a FreeBSD box so I cannot check it (and I do not use linux).

ska007 · Aug 1, 2007, 9:55 PM

So please have a look:

http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc

I already mentioned it, now there is an entry in freebsd-sec list.

Can you please comment ?

SKA

sullrich · Aug 2, 2007, 12:20 AM

We will create a new fix as soon as FreeBSD commits the fix to the security branches.

sullrich · Aug 2, 2007, 12:52 AM

Please test this fix by uploading to System -> Firmware update

http://www.pfsense.com/~sullrich/1.0.1-tcpdumpfix.tgz

If it works okay for you I will release the update ASAP. PS: after installation please verify that your filter logs show up in Diagnostics -> System Logs