Solved: Re: tcpdump ::: Can I remove it?

sharvey2 · ‎01-21-2008

The Security team is scanning our ESX servers and getting a hit entitled: "tcpdump print-bgp.c Buffer Overflow Vulnerability"

It has bugtraq id 115598 and says "tcpdump is prone to a vulnerability which potentially can be exploited by malicious people to compromise a user's system."

To resolve it I am thinking of removing the tcpdump rpm. Any thoughts on this plan? I assume the rpm is just there for troubleshooting purposes.

Sean

devzero · ‎01-21-2008

i`d wonder if tcpdump on esx would have any purpose besides making troubleshooting easier - but - anyway - it`s not a security problem if you don`t use it. the vulnerability only may hit you if you run tcpdump and some malicious packet hit`s the nic you´re sniffing

View solution in original post

devzero · ‎01-21-2008

i`d wonder if tcpdump on esx would have any purpose besides making troubleshooting easier - but - anyway - it`s not a security problem if you don`t use it. the vulnerability only may hit you if you run tcpdump and some malicious packet hit`s the nic you´re sniffing

All

tcpdump ::: Can I remove it?