lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 27 Apr 2005 22:21:42 +0200
From: Romain Francoise <rfrancoise@...ian.org>
To: Vade 79 <v9@...ehalo.us>
Cc: bugtraq@...urityfocus.com
Subject: Re: tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.


Vade 79 <v9@...ehalo.us> writes:

> the ISIS bug is in 3.8.x/3.9.1/CVS. (did not check below 3.8.x)

I don't know about 3.7 but at least tcpdump 3.6 isn't vulnerable to this
one.

> the BGP and LDP bugs seem to be only in 3.8.x. (did not check below
> 3.8.x)

The LDP one isn't in tcpdump 3.6 either (no LDP dissector) but the BGP
one is.  A security update for Debian stable (tcpdump 3.6.2) is pending.

Thanks,

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@...ian.org>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ