similar to: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:61 Security Advisory FreeBSD, Inc. Topic: tcpdump contains remote vulnerabilities [REISSUED] Category: core Module: tcpdump Announced:

On Sun, 13 Apr 2003, Guy Harris gharris-at-sonic.net |TCPdump Workers| wrote: > It is probably not impossible to add a "pcap_dump_open_append()" > function to libpcap that would do that, and, given that function, one > could probably add a new command-line flag to get tcpdump to append to > a capture file rather than truncating and overwriting it. That would be very handy,

Did the latest Centos4.x kernel break the ability to tcpdump with any amount of traffic? Machines that used to be able to keep up now show a few packets and stop - if you hit ^C they take a minute or so to do anything, then show something like: 54 packets captured 18188 packets received by filter 18070 packets dropped by kernel Before recent updates I almost never saw packets 'dropped

Okey, this might be considered slightly off topic, but I thought this would be a good place to ask. I've been having some problems on my workstation, where I see the disk being pounded away at, however I don't know whats causing it. No large disk transfers are (should) be happening during these times, no database reconstructs, not the dreaded "locatedb" updater, just X, a

CentOS Errata and Security Advisory 2007:0387 https://rhn.redhat.com/errata/RHSA-2007-0387.html The following updated files have been uploaded and are currently syncing to the mirrors: ia64: updates/ia64/RPMS/arpwatch-2.1a13-12.el4.ia64.rpm updates/ia64/RPMS/libpcap-0.8.3-12.el4.ia64.rpm updates/ia64/RPMS/tcpdump-3.8.2-12.el4.ia64.rpm -- Pasi Pirhonen - upi@iki.fi - http://pasi.pirhonen.eu/

CentOS Errata and Security Advisory 2007:0387 https://rhn.redhat.com/errata/RHSA-2007-0387.html The following updated files have been uploaded and are currently syncing to the mirrors: s390: updates/s390/RPMS/arpwatch-2.1a13-12.el4.s390.rpm updates/s390/RPMS/libpcap-0.8.3-12.el4.s390.rpm updates/s390/RPMS/tcpdump-3.8.2-12.el4.s390.rpm s390x: updates/s390x/RPMS/arpwatch-2.1a13-12.el4.s390x.rpm

CentOS Errata and Security Advisory 2005:505 https://rhn.redhat.com/errata/RHSA-2005-505.html The following updated files have been uploaded and are currently syncing to the mirrors for both CentOS 4.0 and 4.1: i386: arpwatch-2.1a13-10.RHEL4.i386.rpm libpcap-0.8.3-10.RHEL4.i386.rpm tcpdump-3.8.2-10.RHEL4.i386.rpm src: tcpdump-3.8.2-10.RHEL4.src.rpm -------------- next part -------------- A

CentOS Errata and Security Advisory 2005:505 https://rhn.redhat.com/errata/RHSA-2005-505.html The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: arpwatch-2.1a13-10.RHEL4.x86_64.rpm libpcap-0.8.3-10.RHEL4.x86_64.rpm tcpdump-3.8.2-10.RHEL4.x86_64.rpm tcpdump-3.8.2-10.RHEL4.i386.rpm src: tcpdump-3.8.2-10.RHEL4.src.rpm -------------- next part

CentOS Errata and Security Advisory 2005:505 https://rhn.redhat.com/errata/RHSA-2005-505.html The following updated files have been uploaded and are currently syncing to the mirrors: files: updates/ia64/RPMS/arpwatch-2.1a13-10.RHEL4.ia64.rpm updates/ia64/RPMS/libpcap-0.8.3-10.RHEL4.ia64.rpm updates/ia64/RPMS/tcpdump-3.8.2-10.RHEL4.ia64.rpm -- Pasi Pirhonen - upi@iki.fi -

Dear list, About a week ago, right after 5.4-RELEASE was released, I received a mail from Gentoo Linux's security announcement list about a flaw in tcpdump and gzip. Since none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue so I wonder, is the FreeBSD version of tcpdump and/or gzip are secured or simply

Hi, I have a FreeBSD 4.8 box connected to the net which until recently hasn't had any problems. Today DNS lookups mysteriously stopped working (the box has tinydns & dnscache installed to handle dns requests). I noticed some strange things while checking the problem with tcpdump. Tcpdump appears not to show any traffic whatsoever on either my external interface or internal lan interface,

Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats@cvs.openbsd.org (GNATS Filer) Resent-To: bugs@cvs.openbsd.org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: gnats@openbsd.org >Number: 3610 >Category: user >Synopsis: repetable

Dagmar d'Surreal wrote: > Original text cut My fault is that the instructions were for SlackwareLinux 3.3 andI *did not* mention that! Please, accept my appologies ... But also you can read from the INSTALL of tcpdump, that *if* you want you can leave it under the structure of tcpdump source tree, especially if you have any problems. On my system it wouldn't want to compile

Whenever tcpdump fills a savefile to capacity (-C option) and tries to open a new one, I get the following AVC denial: kernel: audit(1204485464.409:106): avc: denied { search } for pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 t context=system_u:object_r:default_t:s0 tclass=dir Any suggestions as the the proper fix to make this

Hi Guys, OK, I figured out the problem, It would seem that Comcast spelling my DNS entry wrong would do it! I have done this a zillion times, I was totally stumped as to what I would be missing this time. Thanks everyone for their help. -Jason ----- Original Message ----- From: "Kai Schaetzl" <maillists at conactive.com> To: centos at centos.org Sent: Tuesday, December 22,

Dear Sir, I have point-point ethernet connections to my linux boxes on which I am running Zebra OSPFD. I am unable to understand the output of the tcpdump. Please clarify the terms in the output. The output of the command tcpdump on BOX 1 is as follows: I have also shown a part of my network below. 14:0831.849801 eth0 M 192.168.2.2 > 224.0.0.5: OSPF v2-hello 48: rtrid 192.168.4.2 backbone

Dear All I have put tcpdump trace on port 4957 on my CentOS server , as the following : #tcpdump port 4957 I want to obtain the payload data to see what is realy being exchanged between my CentOS server and the outside network element . Can you please let me know how I can modify my command ? Thank you _________________________________________________________________ Your

Dear Ladies and Gentlemen, I am writing about to say that tcpdump-smb on our multi protocol network (IP, NetBEUI, and SNA) occasionally reports hyperlong packets that look to contain the data of other packets (see previous posting about this). When Mr Tridgells patches are applied to the latest tcpdump (3.4a6, the one on ftp.ee.lbl.gov) the results are the same. The one reply to my letter about

I've written a very simple utility that can convert from tcpdump capture format to microsoft network monitor (netmon) format. We are using this to help us get the new NT domain controller code working. Some people may find this useful for other things. It's available at ftp://samba.anu.edu.au/pub/samba/tcpdump-smb/capconvert.c Andrew

I got a packet capture of one of the SSH2 sessions trying to log in as a couple of illegal usernames. The contents of one packet suggests an attempt to buffer overflow the SSH server; ethereal's SSH decoding says "overly large value". It didn't seem to work against my system (I see no strange processes running; all files changed in past ten days look normal). I am