File: 100000134.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (65 lines) | stat: -rw-r--r-- 1,447 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Rule:

--
Sid: 
100000134

-- 
Summary: 
This event is generated when an attempt is made to exploit a known 
vulnerability in Tcpdump. In particular, this event indicates that the exploit 
was attempted via a malformed Resource Reservation Protocol (RSVP) packet.

-- 
Impact: 
Serious. Denial of Service (DoS). Code execution may be possible.

--
Detailed Information:
Tcpdump is a packet capture utility used on various BSD, Linux and UNIX style 
operating systems.

An error in the processing of the payload length in an RSVP packet may prevent 
an attacker with the opportunity to overflow a fixed length buffer and execute 
code of their choosing in the context of the user running tcpdump. This is 
normally the super-user or administrator when tcpdump is used to sniff data 
directly from a network interface.

--
Affected Systems:
Tcpdump 3.9.1 and prior
Ethereal 0.10.10 and prior

--
Attack Scenarios: 
An attacker need to craft an RSVP packet with a packet payload length of 0 to 
cause the overflow to manifest itself.

-- 
Ease of Attack: 
Simple. Exploit code exists.

-- 
False Positives:
None Known

--
False Negatives:
None Known

-- 
Corrective Action: 
Apply the appropriate vendor supplied patch

Upgrade to the latest non-affected version of the software.

--
Contributors: 
Sourcefire Vulnerability Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--