TCPDump: Decoding routines Denial of Service vulnerability — GLSA 200505-06

A flaw in the decoding of network packets renders TCPDump vulnerable to a remote Denial of Service attack.

Affected Packages

net-analyzer/tcpdump on all architectures
Affected versions < 3.8.3-r3
Unaffected versions >= 3.8.3-r3

Background

TCPDump is a tool for network monitoring and data acquisition.

Description

TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets.

Impact

A malicious remote attacker can exploit the decoding issues for a Denial of Service attack by sending specially crafted packets, possibly causing TCPDump to loop endlessly.

Workaround

There is no known workaround at this time.

Resolution

All TCPDump users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r3"

References

Release Date
May 09, 2005

Latest Revision
June 12, 2005: 02

Severity
normal

Exploitable
remote

Bugzilla entries