Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.

To: Vade 79 <v9@xxxxxxxxxxx>
Subject: Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
From: Romain Francoise <rfrancoise@xxxxxxxxxx>
Date: Wed, 27 Apr 2005 22:21:42 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050426100057.1748.qmail@xxxxxxxxxxxxxxxxxxxxx> (Vade's message of "26 Apr 2005 10:00:57 -0000")
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-copies-to: nobody
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: The Debian Project
References: <20050426100057.1748.qmail@xxxxxxxxxxxxxxxxxxxxx>

Vade 79 <v9@xxxxxxxxxxx> writes:

> the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)

I don't know about 3.7 but at least tcpdump 3.6 isn't vulnerable to this
one.

> the BGP and LDP bugs seem to be only in 3.8.x. (did not check below
> 3.8.x)

The LDP one isn't in tcpdump 3.6 either (no LDP dissector) but the BGP
one is.  A security update for Debian stable (tcpdump 3.6.2) is pending.

Thanks,

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@xxxxxxxxxx>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

References:
- tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
  - From: Vade 79

Prev by Date: Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.
Next by Date: OT: Two Factor Authentication on Linux / Mac / Windows
Previous by thread: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
Next by thread: [PLSN-0007] new libcdaudio package available
Index(es):
- Date
- Thread