RHSA-2003:151: tcpdump security update
Description
Updated tcpdump packages that fix an infinite loop vulnerability and drop privileges on startup are now available.
Tcpdump is a command-line tool for monitoring network traffic. A vulnerability exists in tcpdump before 3.7.2 and is related to an inability to handle unknown RADIUS attributes properly. This vulnerability allows remote attackers to cause a denial of service (infinite loop). The Red Hat tcpdump packages advertise that, by default, tcpdump will drop privileges to user 'pcap'. Due to a compilation error this did not happen, and tcpdump would run as root unless the '-U' flag was specified. Users of tcpdump are advised to upgrade to these errata packages, which contain a patch correcting the RADIUS issue and are compiled so that by default tcpdump will drop privileges to the 'pcap' user.
Solution(s)
- redhat-upgrade-arpwatch
- redhat-upgrade-libpcap
- redhat-upgrade-tcpdump
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center