Snort TCPDUMP security issue
-
Hello,
there might be a security risk in tcpdump which is shown below:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Is the BSD system (pfSense) affected by this problem with the tcpdump interface?
Thanks in advance.
SKA
-
Doubt it. That exploit appears to target BGP and it is geared against Linux? The exploit will not even compile on a FreeBSD box so I cannot check it (and I do not use Linux).
-
So please have a look:
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
I already mentioned it; now there is an entry in the freebsd-sec list.
Can you please comment?
SKA
-
We will create a new fix as soon as FreeBSD commits the fix to the security branches.
-
Please test this fix by uploading to System -> Firmware update
http://www.pfsense.com/~sullrich/1.0.1-tcpdumpfix.tgz
If it works okay for you I will release the update ASAP. PS: after installation please verify that your filter logs show up in Diagnostics -> System Logs