SecurityTracker.com Archives - Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > Tcpdump

Vendors: Tcpdump.org

Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1018434

SecurityTracker URL: http://securitytracker.com/id?1018434

CVE Reference: CVE-2007-3798 (Links to External Site)

Date: Jul 19 2007

Impact: Execution of arbitrary code via network, User access via network

Exploit Included: Yes

Version(s): 3.9.6, possibly other versions

Description: A vulnerability was reported in Tcpdump. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted BGP data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

The vulnerability resides in 'print-bgp.c'.

mu-b reported this vulnerability.

A demonstration exploit is available at:

http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c

Impact: A remote user can execute arbitrary code on the target system.

Solution: No solution was available at the time of this entry.

Vendor URL: www.tcpdump.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Aug 2 2007	(FreeBSD Issues Fix) Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code (FreeBSD Security Advisories <security-advisories@freebsd.org>) FreeBSD has released a fix.
Nov 7 2007	(Red Hat Issues Fix) Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 5.
Nov 16 2007	(Red Hat Issues Fix) Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 4.
Jun 26 2009	(NetBSD Issues Fix) Tcpdump Buffer Overflow in 'print-bgp.c' Lets Remote Users Execute Arbitrary Code NetBSD has issued a fix for NetBSD 4.0.

Source Message Contents

Date: Thu, 19 Jul 2007 16:33:58 -0400
Subject: tcpdump

 
 
CVE-2007-3798

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC