ID CVE-2007-3798
Summary Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
References
Vulnerable Configurations
  • cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.6:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 15-10-2018 - 21:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector    Complexity    Authentication
NETWORK   MEDIUM        NONE
Impact
Confidentiality    Integrity    Availability
PARTIAL            PARTIAL      PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:22:02.123-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
family unix
id oval:org.mitre.oval:def:9771
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
version 24
redhat via4
advisories
  • bugzilla
    id 250275
    title CVE-2007-3798 tcpdump BGP integer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment arpwatch is earlier than 14:2.1a13-18.el5
          oval oval:com.redhat.rhsa:tst:20070368004
        • comment arpwatch is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070368005
      • AND
        • comment libpcap is earlier than 14:0.9.4-11.el5
          oval oval:com.redhat.rhsa:tst:20070368006
        • comment libpcap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070368007
      • AND
        • comment libpcap-devel is earlier than 14:0.9.4-11.el5
          oval oval:com.redhat.rhsa:tst:20070368008
        • comment libpcap-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070368009
      • AND
        • comment tcpdump is earlier than 14:3.9.4-11.el5
          oval oval:com.redhat.rhsa:tst:20070368002
        • comment tcpdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070368003
    rhsa
    id RHSA-2007:0368
    released 2007-11-07
    severity Moderate
    title RHSA-2007:0368: tcpdump security and bug fix update (Moderate)
  • bugzilla
    id 250275
    title CVE-2007-3798 tcpdump BGP integer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment arpwatch is earlier than 14:2.1a13-12.el4
          oval oval:com.redhat.rhsa:tst:20070387004
        • comment arpwatch is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070387005
      • AND
        • comment libpcap is earlier than 14:0.8.3-12.el4
          oval oval:com.redhat.rhsa:tst:20070387006
        • comment libpcap is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070387007
      • AND
        • comment tcpdump is earlier than 14:3.8.2-12.el4
          oval oval:com.redhat.rhsa:tst:20070387002
        • comment tcpdump is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070387003
    rhsa
    id RHSA-2007:0387
    released 2007-11-15
    severity Moderate
    title RHSA-2007:0387: tcpdump security and bug fix update (Moderate)
rpms
  • arpwatch-14:2.1a13-18.el5
  • libpcap-14:0.9.4-11.el5
  • libpcap-devel-14:0.9.4-11.el5
  • tcpdump-14:3.9.4-11.el5
  • arpwatch-14:2.1a13-12.el4
  • libpcap-14:0.8.3-12.el4
  • tcpdump-14:3.8.2-12.el4
refmap via4
apple APPLE-SA-2007-12-17
bid 24965
bugtraq 20070720 rPSA-2007-0147-1 tcpdump
cert TA07-352A
confirm
debian DSA-1353
freebsd FreeBSD-SA-07:06
gentoo GLSA-200707-14
mandriva MDKSA-2007:148
misc
sectrack 1018434
secunia
  • 26135
  • 26168
  • 26223
  • 26231
  • 26263
  • 26266
  • 26286
  • 26395
  • 26404
  • 26521
  • 27580
  • 28136
slackware SSA:2007-230-01
suse SUSE-SR:2007:016
trustix 2007-0023
turbo TLSA-2007-46
ubuntu USN-492-1
vupen
  • ADV-2007-2578
  • ADV-2007-4238
statements via4
contributor Joshua Bressers
lastmodified 2007-07-31
organization Red Hat
statement This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 15-10-2018 - 21:30
Published 16-07-2007 - 22:30