[14805] in bugtraq


Re: Denial of service attack against tcpdump

daemon@ATHENA.MIT.EDU (Gerald Combs)
Sat May 6 16:04:39 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10005032204250.5606-100000@pow.zing.org>
Date:         Wed, 3 May 2000 22:15:13 -0500
Reply-To: Gerald Combs <gerald@ZING.ORG>
From: Gerald Combs <gerald@ZING.ORG>
X-To:         bretonh@PARANOIA.PGCI.CA
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca>

On Tue, 2 May 2000 bretonh@PARANOIA.PGCI.CA wrote:

> Greetings.
>
> There is a way to disable tcpdump running on a remote host.  By sending a
> carefully crafted UDP packet on the network which tcpdump monitors, it is
> possible, under certain circumstances, to make tcpdump fall into an infinite
> loop.

A fix for this is in the current tcpdump CVS tree at www.tcpdump.org, but
it doesn't appear to be in the 3.5 alpha release.  This has also been
fixed in the latest version of Ethereal (0.8.7).
