Multiple Vulnerabilities in tcpdump, (Tue, Jan 31st)

A Debian security update for tcpdump lists 32 different vulnerabilities that are addressed by this update [1]. While there are not a lot of details available yet, some of the vulnerabilities can apparently be used to execute arbitrary code.

This is particularly worrying if you use tcpdump to look at live attack traffic. Of course, remember that you can have tcpdump relinquish its root privileges after you start it up (-Z userid), but it would still have the ability to execute code as the user running tcpdump.

All tcpdump versions prior to 4.9.0 may be vulnerable (again, not a lot of details yet).
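To check a host against the 4.9.0 threshold above, the following added example (not part of the original diary) parses the tcpdump version banner and flags anything older. It assumes the banner contains the words "tcpdump version" followed by the number; the function names and result strings are made up for this example.

```shell
#!/bin/sh
# Added example: flag tcpdump builds older than 4.9.0.

# Extract "X.Y.Z" from banner text such as "tcpdump version 4.8.1".
# Prints nothing when no version line is found.
tcpdump_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*tcpdump version \([0-9][0-9.]*\).*$/\1/p' |
        head -n 1
}

# Return 0 (true) when version $1 is lower than 4.9.0.
# Only major and minor matter, because the threshold's patch level is 0.
is_prior_to_4_9_0() {
    v="$1.0"                 # pad so a bare "4" is read as 4.0
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    minor=${minor:-0}
    [ "$major" -lt 4 ] && return 0
    [ "$major" -gt 4 ] && return 1
    [ "$minor" -lt 9 ]
}

# Classify banner text: "may-be-vulnerable X", "not-flagged X" or "unknown".
classify_tcpdump() {
    ver=$(tcpdump_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif is_prior_to_4_9_0 "$ver"; then
        echo "may-be-vulnerable $ver"
    else
        echo "not-flagged $ver"
    fi
}

# Run the check against the locally installed binary, if there is one.
check_installed_tcpdump() {
    command -v tcpdump >/dev/null 2>&1 || { echo "not-installed"; return 0; }
    classify_tcpdump "$(tcpdump --version 2>&1)"
}
```

Call `check_installed_tcpdump` on each sensor or analyst workstation. A distribution package may carry backported fixes under an older upstream version number, so confirm a flagged host against the vendor advisory.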




Johannes B. Ullrich, Ph.D.


Source: SANS Internet Storm Center, InfoCON: green @ January 31, 2017 at 04:36PM