Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 95349

Summary: net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: adirab, netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Other   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
tcpdump-bgp-infinite-loop2.patch none

Description Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 07:56:24 UTC 
While working on the recent tcpdump issues (CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280) Simon L. Nielsen from FreeBSD Security Team discovered that there is another similar infinite loop DoS vulnerability in the BGP handling code.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 07:57:58 UTC 
Created attachment 60774 [details, diff]
tcpdump-bgp-infinite-loop2.patch
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 08:02:42 UTC 
netmon: please bump with patch
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-06-09 10:29:47 UTC 
*** Bug 95578 has been marked as a duplicate of this bug. ***
Comment 4 Marcelo Goes (RETIRED) gentoo-dev 2005-06-09 14:47:06 UTC 
Bumped -r3 with patch.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 00:36:44 UTC 
Target KEYWORDS="x86 ppc sparc mips alpha arm hppa ia64 amd64 ppc64"
Arches, please test and mark stable
Comment 6 Jan Brinkmann (RETIRED) gentoo-dev 2005-06-10 09:14:13 UTC 
stable on amd64
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-10 12:14:13 UTC 
Stable on ppc.
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2005-06-10 13:23:13 UTC 
Stable on hppa.
Comment 9 Aron Griffis (RETIRED) gentoo-dev 2005-06-10 13:31:01 UTC 
stable on alpha ia64
Comment 10 SpanKY gentoo-dev 2005-06-10 23:44:29 UTC 
arm stable
Comment 11 Yuta SATOH (RETIRED) gentoo-dev 2005-06-11 01:18:08 UTC 
Stable on ppc64.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-06-11 01:28:52 UTC 
Ready for GLSA vote.
I would say YES, perhaps as an update to GLSA 200505-06 ?
Comment 13 Matthias Geerdsen (RETIRED) gentoo-dev 2005-06-11 08:50:27 UTC 
/me votes yes too
An update to 200505-06 sounds good since it already mentions BGP etc. anyways.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-06-13 14:06:24 UTC 
sent as GLSA 200505-06 update
mips: remember to mark stable to benefit from GLSA
Comment 15 Hardave Riar (RETIRED) gentoo-dev 2005-07-02 13:35:42 UTC 
Stable on mips.