Hello, welcome to the Thursday, February 2, 2017 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Let me first start with a quick update on the TCP dump vulnerabilities that were announced yesterday. First of all, if you're running Linux, many Linux distributions do have an update

available, so apply that. FreePSD also has an update available. Now, there's nothing at tpdump.org

as of this time, I just checked before I started recording. Now, as far as workarounds go, the vulnerabilities all happen when packet data is being printed

to the screen.

So as long as you just write it to a file, you should be okay.

At least that sort of my read of the patches that were released to that, but I may have

been missing something here.

Secondly, well, of course, you don't want to be rude to limit the impact of the vulnerability.

And to do this, you can either have TCP dump relinquish root privileges after it starts listening

or better.

You don't even run it as rude.

Instead, you just assign the P-Cap capabilities to the user running TCPDump,

and that way you avoid all these pseudo-issues that you have with T-SprDump.

So get patching on this.

A little bit odd.

There isn't really a lot of talk about this vulnerability.

Maybe this one could have used a logo.

I see it as a little bit more severe than some of the other

logo vulnerabilities we had in the past. Maybe it's also lucky that as a result we don't really

have an exploit floating around the public yet. And we've got a great diary again from Xavier.

He's writing about what he found on a compromised server that was used to hand out malware.

...