Description
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
Affected products
- gentoo / linux
- lbl / tcpdump3.4a6 – 3.4a6
- lbl / tcpdump3.5 – 3.5
- lbl / tcpdump3.5.2 – 3.5.2
- lbl / tcpdump3.5_alpha – 3.5_alpha
- lbl / tcpdump3.6.2 – 3.6.2
- lbl / tcpdump3.6.3 – 3.6.3
- lbl / tcpdump3.7 – 3.7
- lbl / tcpdump3.7.1 – 3.7.1
- lbl / tcpdump3.7.2 – 3.7.2
- lbl / tcpdump3.8.1 – 3.8.1
- lbl / tcpdump3.8.2 – 3.8.2
- lbl / tcpdump3.8.3 – 3.8.3
- lbl / tcpdump3.9 – 3.9
- lbl / tcpdump3.9.1 – 3.9.1
- lbl / tcpdump3.4 – 3.4
- mandrakesoft / mandrake_linux10.1 – 10.1
- mandrakesoft / mandrake_linux10.1 – 10.1
- mandrakesoft / mandrake_linux10.2 – 10.2
- mandrakesoft / mandrake_linux10.2 – 10.2
- RedHat / fedora_corecore_3.0 – core_3.0
- RedHat / fedora_corecore_4.0 – core_4.0
- trustix / secure_linux2.0 – 2.0
- trustix / secure_linux2.1 – 2.1
- trustix / secure_linux2.2 – 2.2
References
- MISChttp://www.securityfocus.com/bid/13906
- VENDOR_ADVISORYhttp://secunia.com/advisories/17118
- MISChttp://www.trustix.org/errata/2005/0028/
- MISChttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208
- VENDOR_ADVISORYhttp://secunia.com/advisories/15634/
- MISChttp://www.redhat.com/support/errata/RHSA-2005-505.html
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148
- MISChttp://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html
- MISChttp://www.securityfocus.com/archive/1/430292/100/0/threaded
- VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-854