95349 – net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)

Bug 95349 - net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)

Summary: net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Other

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa]
Keywords:

Duplicates (1):	95578 (view as bug list)
Depends on:
Blocks:

Reported:	2005-06-07 07:56 UTC by Thierry Carrez (RETIRED)
Modified:	2005-07-02 13:35 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
tcpdump-bgp-infinite-loop2.patch (tcpdump-bgp-infinite-loop2.patch,423 bytes, patch) 2005-06-07 07:57 UTC, Thierry Carrez (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-06-07 07:56:24 UTC

While working on the recent tcpdump issues (CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280) Simon L. Nielsen from FreeBSD Security Team discovered that there is another similar infinite loop DoS vulnerability in the BGP handling code.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-06-07 07:57:58 UTC

Created attachment 60774 [details, diff]
tcpdump-bgp-infinite-loop2.patch

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-06-07 08:02:42 UTC

netmon: please bump with patch

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-06-09 10:29:47 UTC

*** Bug 95578 has been marked as a duplicate of this bug. ***

Comment 4 Marcelo Goes (RETIRED) gentoo-dev

2005-06-09 14:47:06 UTC

Bumped -r3 with patch.

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2005-06-10 00:36:44 UTC

Target KEYWORDS="x86 ppc sparc mips alpha arm hppa ia64 amd64 ppc64"
Arches, please test and mark stable

Comment 6 Jan Brinkmann (RETIRED) gentoo-dev

2005-06-10 09:14:13 UTC

stable on amd64

Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-06-10 12:14:13 UTC

Stable on ppc.

Comment 8 René Nussbaumer (RETIRED) gentoo-dev

2005-06-10 13:23:13 UTC

Stable on hppa.

Comment 9 Aron Griffis (RETIRED) gentoo-dev

2005-06-10 13:31:01 UTC

stable on alpha ia64

Comment 10 SpanKY gentoo-dev

2005-06-10 23:44:29 UTC

arm stable

Comment 11 Yuta SATOH (RETIRED) gentoo-dev

2005-06-11 01:18:08 UTC

Stable on ppc64.

Comment 12 Thierry Carrez (RETIRED) gentoo-dev

2005-06-11 01:28:52 UTC

Ready for GLSA vote.
I would say YES, perhaps as an update to GLSA 200505-06 ?

Comment 13 Matthias Geerdsen (RETIRED) gentoo-dev

2005-06-11 08:50:27 UTC

/me votes yes too
An update to 200505-06 sounds good since it already mentions BGP etc. anyways.

Comment 14 Thierry Carrez (RETIRED) gentoo-dev

2005-06-13 14:06:24 UTC

sent as GLSA 200505-06 update
mips: remember to mark stable to benefit from GLSA

Comment 15 Hardave Riar (RETIRED) gentoo-dev

2005-07-02 13:35:42 UTC

Stable on mips.