The Security team is scanning our ESX servers and getting a hit entitled: "tcpdump print-bgp.c Buffer Overflow Vulnerability"
It has bugtraq id 115598 and says "tcpdump is prone to a vulnerability which potentially can be exploited by malicious people to compromise a user's system."
To resolve it I am thinking of removing the tcpdump rpm. Any thoughts on this plan? I assume the rpm is just there for troubleshooting purposes.
Sean
I'd wonder if tcpdump on ESX would have any purpose besides making troubleshooting easier, but anyway, it's not a security problem if you don't use it. The vulnerability may only hit you if you run tcpdump and some malicious packet hits the NIC you're sniffing.