<<< Date Index >>>     <<< Thread Index >>>

Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.



Vade 79 <v9@xxxxxxxxxxx> writes:

> the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)

I don't know about 3.7 but at least tcpdump 3.6 isn't vulnerable to this
one.

> the BGP and LDP bugs seem to be only in 3.8.x. (did not check below
> 3.8.x)

The LDP one isn't in tcpdump 3.6 either (no LDP dissector) but the BGP
one is.  A security update for Debian stable (tcpdump 3.6.2) is pending.

Thanks,

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@xxxxxxxxxx>
 `. `'         http://people.debian.org/~rfrancoise/
   `-