Info

Disclosure

Mar 01, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered due to a off-by-one heap overflow in the 'parse_elements()' function. By sending a malformed 802.11 frame, a remote attacker could cause a denial of service resulting in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version CVS-Current or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Tcpdump	tcpdump	3.9.5
		3.9.4
		3.9.3
		3.9.2
		3.9.1
		3.9.0

References

CVE ID: 2007-1218 (see also: NVD)
Bugtraq ID: 22772
Secunia Advisory ID: 24318 24354 24423 24451 24583 24610 27580 28136 35555
VUPEN Advisory: ADV-2007-0793
Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-002.txt.asc http://docs.info.apple.com/article.html?artnum=307179
http://docs.info.apple.com/article.html?artnum=307224
Vendor Specific News/Changelog Entry: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.42&r2=1.43
https://bugs.gentoo.org/show_bug.cgi?id=168916
https://issues.rpath.com/browse/RPL-1100
Other Advisory URL: http://fedoranews.org/cms/node/2798
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00027.html
http://lists.rpath.com/pipermail/security-announce/2007-March/000155.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:056
http://www.ubuntu.com/usn/usn-429-1
Mail List Post: http://seclists.org/fulldisclosure/2007/Mar/0003.html
Vendor Specific Solution URL: http://www.apple.com/support/downloads/securityupdate20070091110411ppc.html
http://www.apple.com/support/downloads/securityupdate20070091110411universal.html
http://www.apple.com/support/downloads/securityupdate2007009111051.html
RedHat RHSA: RHSA-2007:0368

Credit

Moritz Jodeit - moritzjodeit.org - http://www.jodeit.org/

Direct URL: http://osvdb.org/32427