Multiple tcpdump / ethereal sniffers vulnerabilities updated since 28.04.2005
Published:		21.06.2005
Source:		BUGTRAQ
SecurityVulns ID:		4735
Type:		remote
Level:		6/10
Description:		Endless loops during handling RSVP, ISIS, BGP, LDP protocols, buffer overflows in ANSI A, GSM MAP, AIM, DISTCC, FCELS, SIP, KINK, LMP, Telnet, TZSP, WSP, BER, SMB, H.245, Bittorrent, Fibre Channel and many others.

Affected:		ETHEREAL : Ethereal 0.10
		TCPDUMP : tcpdump 3.9

Original document		Simon L. Nielsen, Another tcpdump BGP infinite loop vulnerability (CAN-2005-1267) (21.06.2005)
		advisories, remote root security bug in ethereal 0.9.13 >= and <= 0.10.10 (11.05.2005)
		Ejovi Nuwere, [Full-disclosure] [SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow (10.05.2005)
		Ejovi Nuwere, [SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow (10.05.2005)
		SECURITEAM, [NEWS] Ethereal Protocol Dissectors Buffer Overflow Vulnerabilities (06.05.2005)
		Vade 79, tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. (28.04.2005)
		Vade 79, tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. (28.04.2005)

Files:		tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS
		tcpdump[3.8.x/3.9.1]: (ISIS) isis_print() infinite loop DOS
		tcpdump[3.8.x]: (BGP) RT_ROUTING_INFO infinite loop DOS
		tcpdump[3.8.x]: (LDP) ldp_print() infinite loop DOS
		Tcpdump Remote Denial of Service Exploit (bgp_update_print)
		Build a BGP4 update message with what you want as payload
		Ethereal <= 0.10.10 dissect_ipc_state() DoS
Discuss:		Read or add your comments to this news (0 comments)