|
 |
|
tcpdump / libpcap trojan horse versions
|
|
|
|
|
Secunia Advisory:
|
SA7511
|
|
|
Release Date:
|
2002-11-14
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | libpcap 0.x
tcpdump 3.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
tcpdump and libpcap files which has been downloaded from tcpdump.org and mirrors from 11th November till 13th November may contain a trojan horse.
The trojaned files where named:
tcpdump-3.6.2.tar.gz
tcpdump-3.7.1.tar.gz
libpcap-0.7.1.tar.gz
The trojan contacts a specific host, downloads some code and opens a shell for the malicious host on request.
Solution:
We recommend that you verify the tcpdump and libpcap files you have downloaded, the md5sums are as follows:
md5sum tcpdump-3.7.1.tar.gz
03e5eac68c65b7e6ce8da03b0b0b225e
md5sum libpcap-0.7.1.tar.gz
0597c23e3496a5c108097b2a0f1bd0c7
If you do not have md5sum installed on your system you ought to get it from your vendor, it is an easy and fast way to verify the integrity of downloaded files.
Fresh non trojaned versions may be found here:
http://sourceforge.net/projects/tcpdump/
http://sourceforge.net/projects/libpcap/
If your system has had a trojaned version you ought to reinstall, see also:
http://www.cert.org/tech_tips/root_compromise.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. tcpdump print-bgp.c Buffer Overflow Vulnerability
|
|
2. tcpdump 802.11 "parse_elements()" Off-By-One Vulnerability
|
|
3. tcpdump BGP Denial of Service Vulnerability
|
|
4. tcpdump Multiple Denial of Service Vulnerabilities
|
|
5. TCPDUMP ISAKMP Payload Handling Denial of Service Vulnerabilities
|
|
6. tcpdump ISAKMP and RADIUS Packet Handling Vulnerabilities
|
|
7. tcpdump Denial of Service
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
