| Summary: | net-analyzer/tcpdump off-by-one heap overflow in 802.11 printer (CVE-2007-1218) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Executioner <keith> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/fulldisclosure/2007/Mar/0003.html | | |
| Whiteboard: | B3 [noglsa] Executioner | | |
| Package list: | | Runtime testing required: | --- |

Description
Executioner
2007-03-01 18:07:38 UTC

Thanks, patch in 3.9.5-r2!

amd64 stable

Stable for HPPA.

Is there a CVE for this issue? What is the potential effect (DoS, crash, system subversion?)?

If there isn't already a CVE, could we try to get one so other distros could fix it as well?

CVE is a good idea, x86 stable.

(In reply to comment #4)
> Is there a CVE for this issue? What is the potential effect (DoS, crash, system
> subversion?)?
>
> If there isn't already a CVE, could we try to get one so other distros could
> fix it as well?

"minor tcpdump 4-byte stack overflow"

Michael K. Johnson [johnsonm->rpath.com] has requested a CVE for this. He also reviewed the code and claims at best this is only a DoS.

SPARC stable

======================================================
Name: CVE-2007-1218
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218
Reference: FULDISC:20070301 tcpdump: off-by-one heap overflow in 802.11 printer
Reference: URL:http://seclists.org/fulldisclosure/2007/Mar/0003.html
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1100
Reference: MISC:https://bugs.gentoo.org/show_bug.cgi?id=168916

Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

this issue has been assigned CVE-2007-1218

ppc stable

Last comment should have been: "stable on alpha"

(Mental note) Don't use bugzilla too early in the morning. Don't use bugzilla too early in the morning. ... Sorry.

net-analyzer/tcpdump-3.9.5-r2 stable on ppc64

Stable on MIPS.

it seems to be commonly accepted that this is DoS only (i.e. see comment #6), so this should be B3.

Voting no

just a DoS? -> voting no

arm/ia64/s390/sh done