
Re: weird tcpdump dependency on libaviplaydha

* martin f krafft (madduck@debian.org) [030704 03:59]:
> also sprach Vineet Kumar <debian-user@virtual.doorstop.net> [2003.07.03.2026 +0200]:
> > My next suspicion is that although tcpdump itself is fine, libpcap
> > may be screwy.  I have libpcap0.7 0.7.2-1 here.
> You got it. Now either my libpcap got trojaned, or corrupted. How
> can I find out? The MD5sum is different, the size is identical.

Not sure.  The only libpcap vulnerability I remember hearing about was a
compile-time trojan (IIRC).  It sounds very strange, though, that a
corrupted file would still be valid and that ldd would give sane
results instead of crapping out completely.  Although, I guess if the
magic numbers and some headers are correct, ldd could do its thing.
It could have somehow gotten crossed up with another library which does
depend on libaviplaydha.so?

> And to be honest: I highly doubt that someone got into this system.
> It's not on a network and locked in my office...

Not on a network?  So what do you need tcpdump for? ;-)

good times,
"Extremism in the defense of liberty is no vice.
Moderation in the pursuit of justice is no virtue."  -- Barry Goldwater 
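
An added example, not part of the original message: one way to triage a library whose MD5 differs while its size is identical is to compare it byte for byte against a known-good copy of the same version and look at what the differing bytes are. The sample bytes, the function names and the 8-bit threshold are constructed for illustration; in practice the two inputs would be the installed file and a copy extracted from a freshly downloaded package.

```python
import hashlib

def diff_runs(good: bytes, suspect: bytes):
    """Return (offset, length, flipped_bits) for each contiguous run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("sizes differ; this comparison assumes identical length")
    runs, start, bits = [], None, 0
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a != b:
            if start is None:
                start, bits = i, 0
            bits += bin(a ^ b).count("1")
        elif start is not None:
            runs.append((start, i - start, bits))
            start = None
    if start is not None:
        runs.append((start, len(good) - start, bits))
    return runs

def context(data: bytes, offset: int, span: int = 16) -> str:
    """Printable view of the bytes around offset (non-printable bytes shown as dots)."""
    chunk = data[max(0, offset - span): offset + span]
    return "".join(chr(c) if 32 <= c < 127 else "." for c in chunk)

def triage(good: bytes, suspect: bytes) -> str:
    runs = diff_runs(good, suspect)
    if not runs:
        return "identical"
    # Heuristic with an assumed threshold, not proof either way: a few flipped
    # bits is typical of disk or memory faults, while a deliberate change
    # usually rewrites whole byte ranges.
    return "few-bit-flips" if sum(r[2] for r in runs) <= 8 else "substantial-change"

# Constructed sample data, not taken from the thread: a fake library image
# whose string table names two dependencies, and a copy with one bit flipped.
GOOD = b"\x7fELF" + bytes(60) + b"libc.so.6\x00libm.so.6\x00" + bytes(32)
_bad = bytearray(GOOD)
_bad[GOOD.index(b"libm") + 3] ^= 0x01   # 'm' (0x6d) becomes 'l' (0x6c)
BAD = bytes(_bad)

if __name__ == "__main__":
    print(hashlib.md5(GOOD).hexdigest(), hashlib.md5(BAD).hexdigest())
    for off, length, bits in diff_runs(GOOD, BAD):
        print(f"offset {off:#x}: {length} byte(s), {bits} bit(s) flipped")
        print("  known-good:", context(GOOD, off))
        print("  suspect   :", context(BAD, off))
    print(triage(GOOD, BAD))
```

A difference that lands inside a dependency name in the string table would explain why ldd still runs but reports an unexpected library.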
