Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling NFS packets. [Update 3 October 2002] Replacement packages have been added for Red Hat Linux 6.2 as the previous packages could not be installed with the version of RPM that shipped with Red Hat Linux 6.2. Replacement packages have also been added for Red Hat Linux 7.0 as the previous packages were not built correctly.
tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that can be triggered when tracing the network by a bad NFS packet. We are not yet aware if this issue is fully exploitable; however, users of tcpdump are advised to upgrade to these errata packages which contain a patch for this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0380 to this issue. This issue was found by David Woodhouse of Red Hat.