forked from the-tcpdump-group/tcpdump-htdocs
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity.html
More file actions
135 lines (126 loc) · 5.91 KB
/
Copy pathsecurity.html
File metadata and controls
135 lines (126 loc) · 5.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
<!DOCTYPE html>
<!--
Created by : Luis MartinGarcia <http://www.aldabaknocking.com>
Original design : "Collaboration" by Free CSS Templates (later "TEMPLATED")
Original license : Creative Commons Attribution 2.5 License
-->
<html lang="en">
<!-- HEAD -->
<head>
<meta charset="utf-8">
<title>Security | TCPDUMP & LIBPCAP</title>
<meta name="description" content="Web site of Tcpdump and Libpcap">
<link href="style.css" rel="stylesheet" type="text/css" media="screen">
<link href="images/T-32x32.png" rel="shortcut icon" type="image/png">
</head>
<!-- END OF HTML HEAD -->
<!-- BODY -->
<body>
<!-- TOP MENU -->
<div id="menu">
<ul>
<li><a href="index.html">Home</a></li>
<li class="current_page_item"><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="manpages/">Man Pages</a></li>
<li><a href="ci.html">CI</a></li>
<li><a href="linktypes.html">Link-Layer Header Types</a></li>
<li><a href="bpfexam/">BPF Exam</a></li>
<li><a href="related.html">See Also</a></li>
<li><a href="old_releases.html">Old Releases</a></li>
</ul>
</div>
<!-- END OF TOP MENU -->
<!-- PAGE HEADER -->
<div id="splash">
<br><img src="images/logo.png" alt="">
</div>
<div id="logo">
<hr>
</div>
<!-- END OF PAGE HEADER -->
<!-- PAGE CONTENTS -->
<div id="page">
<div class="post">
<h2 class="title">
CVE Numbering Authority
</h2>
<div class="entry">
<p>
The Tcpdump Group
<a class=away
href="https://www.cve.org/PartnerInformation/ListofPartners/partner/Tcpdump">
participates</a> in MITRE's CVE Program as a CNA (CVE
Numbering Authority) with the scope limited to tcpdump
and libpcap vulnerabilities. Any involvement with
vulnerabilities in other software can be considered on
a case by case basis only if the software is closely
related to packet capture and analysis and if the case
does not belong to the scope of another CNA.
</p>
</div>
</div>
<div class="post">
<h2 class="title">
Security Contacts and Vulnerability Disclosure Policy
</h2>
<div class="entry">
<p>
Vulnerabilities reported to The Tcpdump Group via
<a href="mailto:security@tcpdump.org">security@tcpdump.org</a>
will be disclosed to the
public at the next release of tcpdump.
</p>
<p>
As a volunteer run open source organization, The
Tcpdump Group can not promise to release within a set
period like 90 days.
</p>
<p>
The Tcpdump Group aims to release twice a year,
usually in March and November of each year. This
is a best effort commitment. We will attempt to
ship more often but this will depend upon
availability of volunteer time.
</p>
<p>
Each release will do its best to credit the
reporter with the identifying of the vulnerability.
Each reported issue will be given a CVE number at
the time of reporting. You can find a list of the most
recently processed CVEs <a href="public-cve-list.txt">here</a>.
</p>
<p>
Bug reports should include a sample pcap (or
pcapng) file that demonstrates the problem.
An effort will be made to keep the sample file
confidential until the bug has been fixed. Once
fixed, the sample file is expected to be released
publicly as part of a test case.
</p>
<p>
Vulnerabilities found in unreleased public branches
may be reported and patched publicly on GitHub.
Vulnerabilities found in released code <strong>should</strong> be
communicated with <a href="mailto:security@tcpdump.org">security@tcpdump.org</a>.
For reasons of <a class=away href="https://wiki.list.org/DEV/DMARC">DMARC</a>,
this is a moderated mailing list to which the
public can not subscribe, but submissions will be
moderated and responded to on weekly basis.
</p>
</div>
</div>
</div>
<!-- END OF PAGE CONTENTS -->
<!-- FOOTER -->
<div id="footer">
<p>
© 2010–2023 The Tcpdump Group. Designed by
<a class=away href="https://www.luismg.com/">Luis MartinGarcia</a>;
based on a template by TEMPLATED.
</p>
</div>
<!-- END OF FOOTER -->
</body>
<!-- END OF HTML BODY -->
</html>