Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 95349 - net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)
Summary: net-analyzer/tcpdump BGP infinite loop vulnerability (CAN-2005-1267)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Other
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
: 95578 (view as bug list)
Depends on:
Reported: 2005-06-07 07:56 UTC by Thierry Carrez (RETIRED)
Modified: 2005-07-02 13:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

tcpdump-bgp-infinite-loop2.patch (tcpdump-bgp-infinite-loop2.patch,423 bytes, patch)
2005-06-07 07:57 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 07:56:24 UTC
While working on the recent tcpdump issues (CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280) Simon L. Nielsen from FreeBSD Security Team discovered that there is another similar infinite loop DoS vulnerability in the BGP handling code.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 07:57:58 UTC
Created attachment 60774 [details, diff]
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-07 08:02:42 UTC
netmon: please bump with patch
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-06-09 10:29:47 UTC
*** Bug 95578 has been marked as a duplicate of this bug. ***
Comment 4 Marcelo Goes (RETIRED) gentoo-dev 2005-06-09 14:47:06 UTC
Bumped -r3 with patch.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-06-10 00:36:44 UTC
Target KEYWORDS="x86 ppc sparc mips alpha arm hppa ia64 amd64 ppc64"
Arches, please test and mark stable
Comment 6 Jan Brinkmann (RETIRED) gentoo-dev 2005-06-10 09:14:13 UTC
stable on amd64
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-10 12:14:13 UTC
Stable on ppc.
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2005-06-10 13:23:13 UTC
Stable on hppa.
Comment 9 Aron Griffis (RETIRED) gentoo-dev 2005-06-10 13:31:01 UTC
stable on alpha ia64
Comment 10 SpanKY gentoo-dev 2005-06-10 23:44:29 UTC
arm stable
Comment 11 Yuta SATOH (RETIRED) gentoo-dev 2005-06-11 01:18:08 UTC
Stable on ppc64.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-06-11 01:28:52 UTC
Ready for GLSA vote.
I would say YES, perhaps as an update to GLSA 200505-06 ?
Comment 13 Matthias Geerdsen (RETIRED) gentoo-dev 2005-06-11 08:50:27 UTC
/me votes yes too
An update to 200505-06 sounds good since it already mentions BGP etc. anyways.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-06-13 14:06:24 UTC
sent as GLSA 200505-06 update
mips: remember to mark stable to benefit from GLSA
Comment 15 Hardave Riar (RETIRED) gentoo-dev 2005-07-02 13:35:42 UTC
Stable on mips.