[38650] in bugtraq
Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.
daemon@ATHENA.MIT.EDU (Romain Francoise)
Thu Apr 28 15:55:44 2005
From: Romain Francoise <rfrancoise@debian.org>
To: Vade 79 <v9@fakehalo.us>
Cc: bugtraq@securityfocus.com
Mail-Copies-To: nobody
Date: Wed, 27 Apr 2005 22:21:42 +0200
In-Reply-To: <20050426100057.1748.qmail@www.securityfocus.com> (Vade's message
of "26 Apr 2005 10:00:57 -0000")
Message-ID: <8764y8otrd.fsf@orebokech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Vade 79 <v9@fakehalo.us> writes:
> the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)
I don't know about 3.7 but at least tcpdump 3.6 isn't vulnerable to this
one.
> the BGP and LDP bugs seem to be only in 3.8.x. (did not check below
> 3.8.x)
The LDP one isn't in tcpdump 3.6 either (no LDP dissector) but the BGP
one is. A security update for Debian stable (tcpdump 3.6.2) is pending.
Thanks,
--
,''`.
: :' : Romain Francoise <rfrancoise@debian.org>
`. `' http://people.debian.org/~rfrancoise/
`-
