CVE-2007-3798: Integer Overflow
First published: Mon Jul 16 2007(Updated: )
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tcpdump Tcpdump | <=3.9.6 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =6.10 | |
| Canonical Ubuntu Linux | =7.04 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 | |
| Slackware Slackware | =9.0 | |
| Slackware Slackware | =9.1 | |
| Slackware Slackware | =10.0 | |
| Slackware Slackware | =10.1 | |
| Slackware Slackware | =10.2 | |
| Slackware Slackware | =11.0 | |
| Slackware Slackware | =12.0 | |
| FreeBSD FreeBSD | >=5.0<5.5 | |
| FreeBSD FreeBSD | >=6.0<6.1 | |
| FreeBSD FreeBSD | =5.5 | |
| FreeBSD FreeBSD | =5.5-p1 | |
| FreeBSD FreeBSD | =5.5-p11 | |
| FreeBSD FreeBSD | =5.5-p12 | |
| FreeBSD FreeBSD | =5.5-p13 | |
| FreeBSD FreeBSD | =5.5-p14 | |
| FreeBSD FreeBSD | =5.5-p2 | |
| FreeBSD FreeBSD | =5.5-p3 | |
| FreeBSD FreeBSD | =5.5-p4 | |
| FreeBSD FreeBSD | =5.5-p5 | |
| FreeBSD FreeBSD | =5.5-p7 | |
| FreeBSD FreeBSD | =5.5-p8 | |
| FreeBSD FreeBSD | =5.5-p9 | |
| FreeBSD FreeBSD | =6.1 | |
| FreeBSD FreeBSD | =6.1-p1 | |
| FreeBSD FreeBSD | =6.1-p10 | |
| FreeBSD FreeBSD | =6.1-p11 | |
| FreeBSD FreeBSD | =6.1-p12 | |
| FreeBSD FreeBSD | =6.1-p13 | |
| FreeBSD FreeBSD | =6.1-p16 | |
| FreeBSD FreeBSD | =6.1-p17 | |
| FreeBSD FreeBSD | =6.1-p18 | |
| FreeBSD FreeBSD | =6.1-p2 | |
| FreeBSD FreeBSD | =6.1-p4 | |
| FreeBSD FreeBSD | =6.1-p6 | |
| FreeBSD FreeBSD | =6.1-p7 | |
| FreeBSD FreeBSD | =6.1-p9 | |
| FreeBSD FreeBSD | =6.2 | |
| FreeBSD FreeBSD | =6.2-p1 | |
| FreeBSD FreeBSD | =6.2-p4 | |
| FreeBSD FreeBSD | =6.2-p5 | |
| FreeBSD FreeBSD | =6.2-p6 | |
| Apple Mac OS X | >=10.0.0<10.4.11 | |
| Apple Mac OS X Server | >=10.0.0<10.4.11 |
Remedy
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/show_bug.cgi?id=184815
- http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/26135
- http://secunia.com/advisories/26168
- http://secunia.com/advisories/26223
- http://secunia.com/advisories/26231
- http://secunia.com/advisories/26263
- http://secunia.com/advisories/26266
- http://secunia.com/advisories/26286
- http://secunia.com/advisories/26395
- http://secunia.com/advisories/26404
- http://secunia.com/advisories/26521
- http://secunia.com/advisories/27580
- http://secunia.com/advisories/28136
- http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
- http://security.gentoo.org/glsa/glsa-200707-14.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
- http://www.debian.org/security/2007/dsa-1353
- http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
- http://www.novell.com/linux/security/advisories/2007_16_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0368.html
- http://www.redhat.com/support/errata/RHSA-2007-0387.html
- http://www.securityfocus.com/archive/1/474225/100/0/threaded
- http://www.securityfocus.com/bid/24965
- http://www.securitytracker.com/id?1018434
- http://www.trustix.org/errata/2007/0023/
- http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
- http://www.ubuntu.com/usn/usn-492-1
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/2578
- http://www.vupen.com/english/advisories/2007/4238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/tcpdump
- canonical/tcpdump tcpdump
- version/tcpdump tcpdump/3.9.6
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/6.10
- version/canonical ubuntu linux/7.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/3.1
- version/debian debian linux/4.0
- vendor/slackware
- canonical/slackware slackware
- version/slackware slackware/9.0
- version/slackware slackware/9.1
- version/slackware slackware/10.0
- version/slackware slackware/10.1
- version/slackware slackware/10.2
- version/slackware slackware/11.0
- version/slackware slackware/12.0
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/5.0
- version/freebsd freebsd/6.0
- version/freebsd freebsd/5.5
- version/freebsd freebsd/5.5-p1
- version/freebsd freebsd/5.5-p11
- version/freebsd freebsd/5.5-p12
- version/freebsd freebsd/5.5-p13
- version/freebsd freebsd/5.5-p14
- version/freebsd freebsd/5.5-p2
- version/freebsd freebsd/5.5-p3
- version/freebsd freebsd/5.5-p4
- version/freebsd freebsd/5.5-p5
- version/freebsd freebsd/5.5-p7
- version/freebsd freebsd/5.5-p8
- version/freebsd freebsd/5.5-p9
- version/freebsd freebsd/6.1
- version/freebsd freebsd/6.1-p1
- version/freebsd freebsd/6.1-p10
- version/freebsd freebsd/6.1-p11
- version/freebsd freebsd/6.1-p12
- version/freebsd freebsd/6.1-p13
- version/freebsd freebsd/6.1-p16
- version/freebsd freebsd/6.1-p17
- version/freebsd freebsd/6.1-p18
- version/freebsd freebsd/6.1-p2
- version/freebsd freebsd/6.1-p4
- version/freebsd freebsd/6.1-p6
- version/freebsd freebsd/6.1-p7
- version/freebsd freebsd/6.1-p9
- version/freebsd freebsd/6.2
- version/freebsd freebsd/6.2-p1
- version/freebsd freebsd/6.2-p4
- version/freebsd freebsd/6.2-p5
- version/freebsd freebsd/6.2-p6
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.0.0
- canonical/apple mac os x server
- version/apple mac os x server/10.0.0