First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 95349
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
tcpdump-bgp-infinite-loop2.patch tcpdump-bgp-infinite-loop2.patch patch Thierry Carrez (RETIRED) 2005-06-07 07:57 0000 423 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 95349 depends on: Show dependency tree
Bug 95349 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-06-07 07:56 0000 
While working on the recent tcpdump issues (CAN-2005-1278, CAN-2005-1279, and
CAN-2005-1280) Simon L. Nielsen from FreeBSD Security Team discovered that
there is another similar infinite loop DoS vulnerability in the BGP handling
code.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-06-07 07:57:58 0000 ------- 
Created an attachment (id=60774) [details]
tcpdump-bgp-infinite-loop2.patch

------- Comment #2 From Thierry Carrez (RETIRED) 2005-06-07 08:02:42 0000 ------- 
netmon: please bump with patch

------- Comment #3 From Thierry Carrez (RETIRED) 2005-06-09 10:29:47 0000 ------- 
*** Bug 95578 has been marked as a duplicate of this bug. ***

------- Comment #4 From Marcelo Goes 2005-06-09 14:47:06 0000 ------- 
Bumped -r3 with patch.

------- Comment #5 From Thierry Carrez (RETIRED) 2005-06-10 00:36:44 0000 ------- 
Target KEYWORDS="x86 ppc sparc mips alpha arm hppa ia64 amd64 ppc64"
Arches, please test and mark stable

------- Comment #6 From Jan Brinkmann (RETIRED) 2005-06-10 09:14:13 0000 ------- 
stable on amd64

------- Comment #7 From Michael Hanselmann (hansmi) (RETIRED) 2005-06-10 12:14:13 0000 ------- 
Stable on ppc.

------- Comment #8 From René Nussbaumer 2005-06-10 13:23:13 0000 ------- 
Stable on hppa.

------- Comment #9 From Aron Griffis (RETIRED) 2005-06-10 13:31:01 0000 ------- 
stable on alpha ia64

------- Comment #10 From SpanKY 2005-06-10 23:44:29 0000 ------- 
arm stable

------- Comment #11 From Yuta SATOH (RETIRED) 2005-06-11 01:18:08 0000 ------- 
Stable on ppc64.

------- Comment #12 From Thierry Carrez (RETIRED) 2005-06-11 01:28:52 0000 ------- 
Ready for GLSA vote.
I would say YES, perhaps as an update to GLSA 200505-06 ?

------- Comment #13 From Matthias Geerdsen 2005-06-11 08:50:27 0000 ------- 
/me votes yes too
An update to 200505-06 sounds good since it already mentions BGP etc. anyways.

------- Comment #14 From Thierry Carrez (RETIRED) 2005-06-13 14:06:24 0000 ------- 
sent as GLSA 200505-06 update
mips: remember to mark stable to benefit from GLSA

------- Comment #15 From Hardave Riar (RETIRED) 2005-07-02 13:35:42 0000 ------- 
Stable on mips.
First Last Prev Next    No search results available      Search page      Enter new bug