Re: [tcpdump-workers] Research on tcpdump
Specifically we are studying how versions fixed vulnerabilities by diffing the code functions where the CVE states the vulnerability was. We're also wondering why there are no listed CVEs after 2007 for tcpdump. http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tcpdump Cellular (304) 276-8628 Raymond Borges MSCS/BSCpE SREB Fellow CS Ph.D. Student Lane Department of CS/EE West Virginia University CompTIA A+, Network+, Security+ CE On Fri, Mar 15, 2013 at 8:45 AM, Michael Richardson wrote: > > >>>>> "Raymond" == Raymond Borges writes: > Raymond> I'm doing research on tcpdump and I've been trying to > Raymond> locate the source code for versions previous to 3.5.0 but > Raymond> haven't had much luck. Do you know where I might find > Raymond> these? Thank you. > > hi, 3.5 was released in 2000. > That was the first release by the tcpdump.org group. > > Prior to that it would have been done by the LBL folks... the 3.4 > release was probably 3-4 years earlier.We have the CVS tree back to > the beginning, and it was imported into git, so there maybe some > evidence of what it looked like. > > What specific questions were you trying to answer in your research? > > -- > Michael Richardson > -on the road- > ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Research on tcpdump
I just needed the versions before 3.x to compare with. The fact that there has been no CVE since 2007 is good. I'll give you an update if we are able to publish something involving tcpdump Thanks again. Cellular (304) 276-8628 Raymond Borges MSCS/BSCpE SREB Fellow CS Ph.D. Student Lane Department of CS/EE West Virginia University CompTIA A+, Network+, Security+ CE On Mon, Mar 18, 2013 at 2:13 PM, Michael Richardson wrote: > > >>>>> "Raymond" == Raymond Borges writes: > Raymond> Specifically we are studying how versions fixed > Raymond> vulnerabilities by diffing the code functions where the CVE > Raymond> states the vulnerability was. We're also wondering why > Raymond> there are no listed CVEs after 2007 for tcpdump. > Raymond> http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tcpdump > > There would be no CVEs prior to 3.5, because CVEs didn't exist. > > I am unaware of a CVE against tcpdump since 2007. That's good, right? > > -- > ] Never tell me the odds! | ipv6 mesh > networks [ > ] Michael Richardson, Sandelman Software Works| network > architect [ > ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails >[ > > ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
