[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.

To: Vade 79 <v9@xxxxxxxxxxx>
Subject: Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
From: Romain Francoise <rfrancoise@xxxxxxxxxx>
Date: Wed, 27 Apr 2005 22:21:42 +0200

Vade 79 <v9@xxxxxxxxxxx> writes:

> the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)

I don't know about 3.7 but at least tcpdump 3.6 isn't vulnerable to this
one.

> the BGP and LDP bugs seem to be only in 3.8.x. (did not check below
> 3.8.x)

The LDP one isn't in tcpdump 3.6 either (no LDP dissector) but the BGP
one is.  A security update for Debian stable (tcpdump 3.6.2) is pending.

Thanks,

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@xxxxxxxxxx>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

References:
- tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
  - From: Vade 79

Prev by Date: Re: tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.
Next by Date: OT: Two Factor Authentication on Linux / Mac / Windows
Previous by thread: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
Next by thread: [PLSN-0007] new libcdaudio package available
Index(es):
- Date
- Thread