sharvey2
Contributor

tcpdump ::: Can I remove it?

The Security team is scanning our ESX servers and getting a hit entitled: "tcpdump print-bgp.c Buffer Overflow Vulnerability"

It has bugtraq id 115598 and says "tcpdump is prone to a vulnerability which potentially can be exploited by malicious people to compromise a user's system."

To resolve it I am thinking of removing the tcpdump rpm. Any thoughts on this plan? I assume the rpm is just there for troubleshooting purposes.

Sean

Accepted Solutions
devzero
Expert

I'd wonder if tcpdump on ESX would have any purpose besides making troubleshooting easier, but anyway, it's not a security problem if you don't use it. The vulnerability only may hit you if you run tcpdump and some malicious packet hits the NIC you're sniffing.
