Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-255
HistoryFeb 27, 2003 - 12:00 a.m.

tcpdump - infinite loop

2003-02-2700:00:00
Google
osv.dev
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a
powerful tool for network monitoring and data acquisition. An
attacker is able to send a specially crafted network packet which
causes tcpdump to enter an infinite loop.

In addition to the above problem the tcpdump developers discovered a
potential infinite loop when parsing malformed BGP packets. They also
discovered a buffer overflow that can be exploited with certain
malformed NFS packets.

For the stable distribution (woody) these problems have been
fixed in version 3.6.2-2.3.

The old stable distribution (potato) does not seem to be affected
by these problems.

For the unstable distribution (sid) these problems have been fixed in
version 3.7.1-1.2.

We recommend that you upgrade your tcpdump packages.

Related

nessus 5
cve 2
debiancve 2
debian 2
suse 1
securityvulns 1
openvas 2
cert 1
redhat 1
ubuntucve 1
exploitpack 1
seebug 1
exploitdb 1
nessus
nessus
Debian DSA-255-1 : tcpdump - infinite loop
2004-09-29 00:00:00
RHEL 2.1 : tcpdump (RHSA-2002:121)
2004-07-06 00:00:00
SUSE-SA:2003:0015: tcpdump
2004-07-25 00:00:00
cve
cve
CVE-2002-0380
2002-06-18 04:00:00
CVE-2003-0108
2003-03-07 05:00:00
debiancve
debiancve
CVE-2002-0380
2002-06-18 04:00:00
CVE-2003-0108
2003-03-07 05:00:00
debian
debian
[SECURITY] [DSA 255-1] New tcpdump packages fix denial of service vulnerability
2003-02-27 20:35:06
[SECURITY] [DSA 255-1] New tcpdump packages fix denial of service vulnerability
2003-02-27 20:35:06
suse
suse
remote system compromise in tcpdump
2003-03-13 15:47:46
securityvulns
securityvulns
iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsing
2003-02-28 00:00:00
openvas
openvas
Debian Security Advisory DSA 255-1 (tcpdump)
2008-01-17 00:00:00
Debian Security Advisory DSA 255-1 (tcpdump)
2008-01-17 00:00:00
cert
cert
tcpdump enters infinite loop when parsing crafted ISAKMP packets
2003-04-28 00:00:00
redhat
redhat
(RHSA-2003:085) tcpdump security update
2003-01-29 00:00:00
ubuntucve
ubuntucve
CVE-2003-0108
2003-03-07 00:00:00
exploitpack
exploitpack
tcpdump - ISAKMP Identification Payload Integer Overflow
2004-04-05 00:00:00
seebug
seebug
tcpdump ISAKMP Identification payload Integer Overflow Exploit
2004-04-05 00:00:00
exploitdb
exploitdb
tcpdump - ISAKMP Identification Payload Integer Overflow
2004-04-05 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-255
nessus5cve2debiancve2debian2suse1securityvulns1openvas2cert1redhat1ubuntucve1exploitpack1seebug1exploitdb1