ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.4 |
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.4 |
| ethereal_group | ethereal | 0.8.4 |
| lbl | tcpdump | 3.5a |
| ethereal_group | ethereal | 0.8.6 |
| ethereal_group | ethereal | 0.8.5 |
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | lbl_traceroute | 1.4a5 |
| sun | sunos | 5.5.1 |
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.4 |
| lbl | tcpdump | 3.5_alpha |
| lbl | tcpdump | 3.5 |
| lbl | tcpdump | 3.4a6 |
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.6.2 |
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.4 |
| lbl | tcpdump | 3.5 |
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.4a6 |
| lbl | tcpdump | 3.5.2 |
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.5.2 |
| lbl | tcpdump | 3.7.1 |
| lbl | tcpdump | 3.7 |
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.5.2 |
| lbl | tcpdump | 3.7.1 |
| lbl | tcpdump | 3.7 |
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.4 |
| lbl | tcpdump | 3.6.3 |
| lbl | tcpdump | 3.5 |
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.5.2 |
| lbl | tcpdump | 3.7 |
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.5.2 |
| lbl | tcpdump | 3.7.1 |
| lbl | tcpdump | 3.7 |
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| trustix | secure_linux | 2.1 |
| trustix | secure_linux | 2.2 |
| trustix | secure_linux | 2.0 |
| lbl | tcpdump | 3.5_alpha |
| lbl | tcpdump | 3.5 |
| mandrakesoft | mandrake_linux | 10.2 |
| lbl | tcpdump | 3.9 |
| gentoo | linux | * |
| lbl | tcpdump | 3.5.2 |
| lbl | tcpdump | 3.7.1 |
| lbl | tcpdump | 3.7 |
| mandrakesoft | mandrake_linux | 10.1 |
| lbl | tcpdump | 3.8.3 |
| redhat | fedora_core | core_4.0 |
| lbl | tcpdump | 3.4 |
| lbl | tcpdump | 3.7.2 |
| redhat | fedora_core | core_3.0 |
| lbl | tcpdump | 3.6.3 |
| lbl | tcpdump | 3.6.2 |
| lbl | tcpdump | 3.9.1 |
| lbl | tcpdump | 3.4a6 |
| lbl | tcpdump | 3.8.1 |
| lbl | tcpdump | 3.8.2 |
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | tcpdump | * |