libpcap

Carsten Gehrke carsten at rollinghorse.com
Mon Nov 25 09:36:09 PST 2002


At 06:43 25-11-02, you wrote:
>On Mon, 25 Nov 2002 14:34:19 -0000
>"Matthew Burgess" <ca9mbu at eos.sunderland.ac.uk> wrote:
>
> >
> > Either of these any good for you Ian?  Hint
> > http://www.google.com/search?q=libpcap&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N :)
>
>I'm just a little worried about the recent tcpdump? trojan...

As you should be.  I narrowly escaped getting that trojan because I did not 
trust the MD5 fingerprint that was available from the tcpdump.org 
site.  Check with CERT for the details, but here is a relevant excerpt from 
their advisory which I received a few hours after I downloaded tcpdump from 
the main site:

    Where to get libpcap and tcpdump

    While the compromise of these distributions is being investigated, the
    tcpdump and libpcap maintainers recommend using the following
    distribution sites:

           http://sourceforge.net/projects/tcpdump/
           http://sourceforge.net/projects/libpcap/

    Sites that mirror the source code are encouraged to verify the
    integrity of their sources. We also encourage users to inspect any and
    all other software that may have been downloaded from the compromised
    site. Note that it is not sufficient to rely on the timestamps or
    sizes of the file when trying to determine whether or not you have a
    copy of the Trojan horse version.

    Verifying checksums

    The MD5 hashes of the vendor suggested updates for libpcap and tcpdump
    are as follows:

      tcpdump

        md5sum 03e5eac68c65b7e6ce8da03b0b0b225e tcpdump-3.7.1.tar.gz

      libpcap

        md5sum 0597c23e3496a5c108097b2a0f1bd0c7 libpcap-0.7.1.tar.gz

Remember, this is not the full message, but I think it includes what you 
need.  Of course, why would you trust some guy on a mailing list...

-- 
Carsten Gehrke     LFS No.: 190    using Linux since kernel 0.98
carsten at gehrke.org
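
Added example (not part of the original message or the CERT advisory): a small checker that compares downloaded tarballs against the MD5 values quoted in the advisory excerpt, and shows on constructed files why matching size and timestamp prove nothing. The function names and the sample payloads are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 values copied from the CERT advisory excerpt quoted in the message above.
# They must come from a channel independent of the download site itself.
ADVISORY_MD5 = {
    "tcpdump-3.7.1.tar.gz": "03e5eac68c65b7e6ce8da03b0b0b225e",
    "libpcap-0.7.1.tar.gz": "0597c23e3496a5c108097b2a0f1bd0c7",
}


def md5_of(path, chunk_size=65536):
    """Stream the file through MD5 so large tarballs need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_tarball(path, expected=ADVISORY_MD5):
    """Return OK, MISMATCH, MISSING, or UNKNOWN (no published hash for that name)."""
    want = expected.get(os.path.basename(path))
    if want is None:
        return "UNKNOWN"
    if not os.path.isfile(path):
        return "MISSING"
    return "OK" if hmac.compare_digest(md5_of(path), want.lower()) else "MISMATCH"


def same_metadata_different_hash():
    """Constructed sample: two files with equal size and mtime but different bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, name) for name in ("clean.bin", "altered.bin")]
        for path, payload in zip(paths, (b"constructed payload A", b"constructed payload B")):
            with open(path, "wb") as handle:
                handle.write(payload)
            os.utime(path, (1038000000, 1038000000))  # identical timestamps
        stats = [os.stat(p) for p in paths]
        meta_equal = (stats[0].st_size, stats[0].st_mtime) == (stats[1].st_size, stats[1].st_mtime)
        return meta_equal, md5_of(paths[0]) != md5_of(paths[1])


if __name__ == "__main__":
    for name in ADVISORY_MD5:
        print(name, check_tarball(name))
    print(same_metadata_different_hash())
```

Run it from the directory holding the downloads; anything other than OK for a listed tarball means the file should not be built or installed.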
