Bug 95578 - net-analyzer/tcpdump BGP Decoding Routines Denial Of Service Vulnerability
Summary: net-analyzer/tcpdump BGP Decoding Routines Denial Of Service Vulnerability
Status: RESOLVED DUPLICATE of bug 95349
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/13906
Reported: 2005-06-09 10:08 UTC by Adir Abraham
Modified: 2005-06-09 10:29 UTC


Description Adir Abraham 2005-06-09 10:08:52 UTC
According to SecurityFocus.com:

tcpdump is prone to a vulnerability that may allow a remote attacker to cause a
denial of service condition in the software. The issue occurs due to the way
tcpdump decodes Border Gateway Protocol (BGP) packets. A remote attacker may
cause the software to enter an infinite loop by sending malformed ISIS packets
resulting in the software hanging.

Vulnerable:
LBL tcpdump 3.9.1
LBL tcpdump 3.9
LBL tcpdump 3.8.3 

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-09 10:29:46 UTC

*** This bug has been marked as a duplicate of 95349 ***