Vulnerability in Gentoo Linux

CVE-2005-1267

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

EPSS: 0.135 (96.0th percentile) — read the EPSS interpretation.

Affected products

Gentoo Linux
Lbl Tcpdump — versions 3.4, 3.4a6, 3.5
Mandrakesoft Mandrake_linux — versions 10.1, 10.2
Trustix Secure_linux — versions 2.0, 2.1, 2.2
Redhat Fedora_core — versions core_3.0, core_4.0
N/a — versions n/a

References

secalert@redhat.com (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vendor-advisory, Patch, x_refsource_TRUSTIX, Vendor Advisory)
secalert@redhat.com (Patch, x_refsource_MISC, Vendor Advisory)
secalert@redhat.com (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)