ID CVE-2005-1279
Summary tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
References
Vulnerable Configurations
  • cpe:2.3:a:lbl:tcpdump:3.8.3
CVSS
Base: 5.0 (as of 10-05-2005 - 15:55)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
exploit-db via4
  • description Tcpdump 3.8.x (rt_routing_info) Infinite Loop Denial of Service Exploit. CVE-2005-1279. DoS exploit for Linux platform
    id EDB-ID:958
    last seen 2016-01-31
    modified 2005-04-26
    published 2005-04-26
    reporter vade79
    source https://www.exploit-db.com/download/958/
    title Tcpdump 3.8.x rt_routing_info Infinite Loop Denial of Service Exploit
  • description Tcpdump 3.8.x (ldp_print) Infinite Loop Denial of Service Exploit. CVE-2005-1279. DoS exploit for Linux platform
    id EDB-ID:957
    last seen 2016-01-31
    modified 2005-04-26
    published 2005-04-26
    reporter vade79
    source https://www.exploit-db.com/download/957/
    title Tcpdump 3.8.x ldp_print Infinite Loop Denial of Service Exploit
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200505-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200505-06 (TCPDump: Decoding routines Denial of Service vulnerability) TCPDump improperly handles and decodes ISIS (CAN-2005-1278), BGP (CAN-2005-1267, CAN-2005-1279), LDP (CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets. Impact: A malicious remote attacker can exploit the decoding issues for a Denial of Service attack by sending specially crafted packets, possibly causing TCPDump to loop endlessly. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 18232
    published 2005-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18232
    title GLSA-200505-06 : TCPDump: Decoding routines Denial of Service vulnerability
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-850.NASL
    description 'Vade 79' discovered that the BGP dissector in tcpdump, a powerful tool for network monitoring and data acquisition, does not properly handle RT_ROUTING_INFO. A specially crafted BGP packet can cause a denial of service via an infinite loop.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19958
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19958
    title Debian DSA-850-1 : tcpdump - infinite loop
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-087.NASL
    description A number of Denial of Service vulnerabilities were discovered in the way that tcpdump processes certain network packets. If abused, these flaws can allow a remote attacker to inject a carefully crafted packet onto the network, crashing tcpdump. The provided packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18276
    published 2005-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18276
    title Mandrake Linux Security Advisory : tcpdump (MDKSA-2005:087)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-417.NASL
    description Updated tcpdump packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This updated package also adds support for output files larger than 2 GB. Tcpdump is a command-line tool for monitoring network traffic. Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1278, CVE-2005-1279, and CVE-2005-1280 to these issues. The tcpdump utility can now write a file larger than 2 GB. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18238
    published 2005-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18238
    title RHEL 4 : tcpdump (RHSA-2005:417)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-119-1.NASL
    description It was discovered that certain invalid GRE, LDP, BGP, and RSVP packets triggered infinite loops in tcpdump, which caused tcpdump to stop working. This could be abused by a remote attacker to bypass tcpdump analysis of network traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20507
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20507
    title Ubuntu 4.10 / 5.04 : tcpdump vulnerabilities (USN-119-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-421.NASL
    description Updated tcpdump packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. These updated packages also add support for output files larger than 2 GB, add support for some new VLAN IDs, and fix message parsing on 64bit architectures. Tcpdump is a command-line tool for monitoring network traffic. Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1278, CVE-2005-1279, and CVE-2005-1280 to these issues. Additionally, the tcpdump utility can now write a file larger than 2 GB, parse some new VLAN IDs, and parse messages on 64bit architectures. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21823
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21823
    title CentOS 3 : tcpdump (CESA-2005:421)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-421.NASL
    description Updated tcpdump packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. These updated packages also add support for output files larger than 2 GB, add support for some new VLAN IDs, and fix message parsing on 64bit architectures. Tcpdump is a command-line tool for monitoring network traffic. Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1278, CVE-2005-1279, and CVE-2005-1280 to these issues. Additionally, the tcpdump utility can now write a file larger than 2 GB, parse some new VLAN IDs, and parse messages on 64bit architectures. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18239
    published 2005-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18239
    title RHEL 3 : tcpdump (RHSA-2005:421)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-417.NASL
    description Updated tcpdump packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This updated package also adds support for output files larger than 2 GB. Tcpdump is a command-line tool for monitoring network traffic. Several denial of service bugs were found in the way tcpdump processes certain network packets. It is possible for an attacker to inject a carefully crafted packet onto the network, crashing a running tcpdump session. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1278, CVE-2005-1279, and CVE-2005-1280 to these issues. The tcpdump utility can now write a file larger than 2 GB. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21936
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21936
    title CentOS 3 / 4 : tcpdump (CESA-2005:417)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9FAE0F1FDF8211D9B8750001020EED82.NASL
    description Problem Description: Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops. Impact: An attacker can inject specially crafted packets into the network which, when processed by tcpdump, could lead to a denial-of-service. After the attack, tcpdump would no longer capture traffic, and would potentially use all available processor time.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 19052
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19052
    title FreeBSD : tcpdump -- infinite loops in protocol decoding (9fae0f1f-df82-11d9-b875-0001020eed82)
oval via4
accepted 2013-04-29T04:20:34.728-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
family unix
id oval:org.mitre.oval:def:9601
status accepted
submitted 2010-07-09T03:56:16-04:00
title tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:417
  • rhsa
    id RHSA-2005:421
refmap via4
bid 13389
bugtraq 20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
debian DSA-850
fedora FLSA:156139
sco SCOSA-2005.60
secunia
  • 15125
  • 17101
  • 18146
Last major update 19-08-2013 - 00:40
Published 02-05-2005 - 00:00
Last modified 19-10-2018 - 11:31