CVE-2005-1267
NONE EPSS 96.0%
Published Jun 10, 200521y ago · Modified Jun 16, 20262w ago
Published Jun 10, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
Threat Intelligence
EPSS Exploit Probability
96.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 25
| Vendor | Product | Version | Range |
|---|---|---|---|
| lbl | tcpdump | 3.4 | any |
| lbl | tcpdump | 3.4a6 | any |
| lbl | tcpdump | 3.5 | any |
| lbl | tcpdump | 3.5.2 | any |
| lbl | tcpdump | 3.5_alpha | any |
| lbl | tcpdump | 3.6.2 | any |
| lbl | tcpdump | 3.6.3 | any |
| lbl | tcpdump | 3.7 | any |
| lbl | tcpdump | 3.7.1 | any |
| lbl | tcpdump | 3.7.2 | any |
| lbl | tcpdump | 3.8.1 | any |
| lbl | tcpdump | 3.8.2 | any |
| lbl | tcpdump | 3.8.3 | any |
| lbl | tcpdump | 3.9 | any |
| lbl | tcpdump | 3.9.1 | any |
| gentoo | linux | * | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| mandrakesoft | mandrake_linux | 10.2 | any |
| redhat | fedora_core | core_3.0 | any |
| redhat | fedora_core | core_4.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
References 10
- secunia.com http://secunia.com/advisories/15634/
- secunia.com http://secunia.com/advisories/17118
- debian.org http://www.debian.org/security/2005/dsa-854
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html
- redhat.com http://www.redhat.com/support/errata/RHSA-2005-505.html
- securityfocus.com http://www.securityfocus.com/archive/1/430292/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/13906
- trustix.org http://www.trustix.org/errata/2005/0028/
- bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148
Remediation
- secunia.com http://secunia.com/advisories/15634/
- redhat.com http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html
- trustix.org http://www.trustix.org/errata/2005/0028/
- bugzilla.redhat.com https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208