J-Security Center

Title: tcpdump LDP Decoding Routines Denial Of Service Vulnerability

Severity: HIGH

Description:

The 'tcpdump' utility is a freely available, open-source, network-monitoring tool. It is available for UNIX, Linux, and Microsoft Windows operating systems.

The utility is prone to a vulnerability that may allow a remote attacker to cause a denial-of-service condition in the software. The issue occurs because of the way tcpdump decodes Label Distribution Protocol (LDP) datagrams. A remote attacker may send malformed LDP datagrams to cause the software to enter an infinite loop and hang, denying service for legitimate users.

This issue affects tcpdump 3.8.3 and earlier.

Affected Products:

  • Avaya Converged Communications Server 2.0.0
  • Avaya Intuity LX
  • Avaya MN100
  • Avaya Modular Messaging (MSS) 1.1.0
  • Avaya Modular Messaging (MSS) 2.0.0
  • Avaya S8300 R2.0.0
  • Avaya S8300 R2.0.1
  • Avaya S8500 R2.0.0
  • Avaya S8500 R2.0.1
  • Avaya S8700 R2.0.0
  • Avaya S8700 R2.0.1
  • Avaya S8710 R2.0.0
  • Avaya S8710 R2.0.1
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 alpha
  • Debian Linux 3.1.0 amd64
  • Debian Linux 3.1.0 arm
  • Debian Linux 3.1.0 hppa
  • Debian Linux 3.1.0 ia-32
  • Debian Linux 3.1.0 ia-64
  • Debian Linux 3.1.0 m68k
  • Debian Linux 3.1.0 mips
  • Debian Linux 3.1.0 mipsel
  • Debian Linux 3.1.0 ppc
  • Debian Linux 3.1.0 s/390
  • Debian Linux 3.1.0 sparc
  • EnGarde Secure Community 1.0.1
  • EnGarde Secure Community 2.0.0
  • EnGarde Secure Professional 1.1.0
  • EnGarde Secure Professional 1.2.0
  • EnGarde Secure Professional 1.5.0
  • F5 3-DNS 4.2.0
  • F5 3-DNS 4.3.0
  • F5 3-DNS 4.4.0
  • F5 3-DNS 4.5.0
  • F5 3-DNS 4.5.11
  • F5 3-DNS 4.5.12
  • F5 3-DNS 4.6.0
  • F5 3-DNS 4.6.2
  • F5 3-DNS 4.6.3
  • F5 BigIP 4.0.0
  • F5 BigIP 4.2.0
  • F5 BigIP 4.3.0
  • F5 BigIP 4.4.0
  • F5 BigIP 4.5.0
  • F5 BigIP 4.5.10
  • F5 BigIP 4.5.11
  • F5 BigIP 4.5.12
  • F5 BigIP 4.5.6
  • F5 BigIP 4.5.9
  • F5 BigIP 4.6.0
  • F5 BigIP 4.6.2
  • F5 BigIP 4.6.3
  • F5 BigIP 4.6.5
  • FreeBSD FreeBSD 3.x
  • FreeBSD FreeBSD 4.0.0
  • FreeBSD FreeBSD 4.1.0
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2.0
  • FreeBSD FreeBSD 4.2.0 -RELEASE
  • FreeBSD FreeBSD 4.2.0 -STABLE
  • FreeBSD FreeBSD 4.3.0
  • FreeBSD FreeBSD 4.3.0 -RELEASE
  • FreeBSD FreeBSD 4.3.0 -RELENG
  • FreeBSD FreeBSD 4.3.0 -STABLE
  • FreeBSD FreeBSD 4.4.0
  • FreeBSD FreeBSD 4.4.0 -RELENG
  • FreeBSD FreeBSD 4.4.0 -STABLE
  • FreeBSD FreeBSD 4.5.0
  • FreeBSD FreeBSD 4.5.0 -RELEASE
  • FreeBSD FreeBSD 4.5.0 -STABLE
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.6.0 -RELEASE
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 4.7.0 -RELEASE
  • FreeBSD FreeBSD 5.0.0
  • FreeBSD FreeBSD 5.0.0 -RELEASE-p14
  • FreeBSD FreeBSD 5.0.0 -RELENG
  • FreeBSD FreeBSD 5.0.0 alpha
  • FreeBSD FreeBSD 5.1.0
  • FreeBSD FreeBSD 5.1.0 -RELEASE
  • FreeBSD FreeBSD 5.1.0 -RELEASE-p5
  • FreeBSD FreeBSD 5.1.0 -RELEASE/Alpha
  • FreeBSD FreeBSD 5.1.0 -RELENG
  • FreeBSD FreeBSD 5.2.0
  • FreeBSD FreeBSD 5.2.0 -RELEASE
  • FreeBSD FreeBSD 5.2.0 -RELENG
  • FreeBSD FreeBSD 5.2.1 -RELEASE
  • FreeBSD FreeBSD 5.3.0
  • FreeBSD FreeBSD 5.3.0 -RELEASE
  • FreeBSD FreeBSD 5.3.0 -RELENG
  • FreeBSD FreeBSD 5.3.0 -STABLE
  • FreeBSD FreeBSD 5.4.0 -PRERELEASE
  • FreeBSD FreeBSD 5.4.0 -RELEASE
  • FreeBSD FreeBSD 5.4.0 -RELENG
  • Gentoo Linux
  • Gentoo Linux 1.4.0 _rc1
  • Gentoo Linux 1.4.0 _rc2
  • HP Secure OS software for Linux 1.0.0
  • IPCop IPCop 1.4.1
  • IPCop IPCop 1.4.2
  • IPCop IPCop 1.4.4
  • IPCop IPCop 1.4.5
  • LBL tcpdump 3.4.0
  • LBL tcpdump 3.4.0 a6
  • LBL tcpdump 3.5.0
  • LBL tcpdump 3.5.0 alpha
  • LBL tcpdump 3.5.2
  • LBL tcpdump 3.6.2
  • LBL tcpdump 3.6.3
  • LBL tcpdump 3.7.0
  • LBL tcpdump 3.7.1
  • LBL tcpdump 3.7.2
  • LBL tcpdump 3.8.1
  • LBL tcpdump 3.8.2
  • LBL tcpdump 3.8.3
  • Linux kernel 2.4.19
  • Linux kernel 2.4.21
  • Linux kernel 2.6.5
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Corporate Server 3.0.0 x86_64
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 10.1.0
  • MandrakeSoft Linux Mandrake 10.1.0 x86_64
  • MandrakeSoft Linux Mandrake 10.2.0
  • MandrakeSoft Linux Mandrake 10.2.0 x86_64
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Linux Mandrake 9.2.0
  • MandrakeSoft Linux Mandrake 9.2.0 amd64
  • MandrakeSoft Multi Network Firewall 2.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • NetBSD NetBSD 4.0
  • NetBSD NetBSD Current
  • RedHat Desktop 4.0.0
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux WS 4
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Firewall Adminhost VPN
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 7.0.0
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Admin-CD for Firewall
  • S.u.S.E. Linux Connectivity Server
  • S.u.S.E. Linux Database Server
  • S.u.S.E. Linux Desktop 1.0.0
  • S.u.S.E. Linux Enterprise Server 7
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Linux Enterprise Server for S/390
  • S.u.S.E. Linux Live-CD for Firewall
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. Linux Personal 9.0.0
  • S.u.S.E. Linux Personal 9.0.0 x86_64
  • S.u.S.E. Linux Personal 9.1.0
  • S.u.S.E. Linux Personal 9.1.0 x86_64
  • S.u.S.E. Linux Personal 9.2.0
  • S.u.S.E. Linux Personal 9.2.0 x86_64
  • S.u.S.E. Linux Personal 9.3.0
  • S.u.S.E. Linux Personal 9.3.0 x86_64
  • S.u.S.E. Linux Professional 8.2.0
  • S.u.S.E. Linux Professional 9.0.0
  • S.u.S.E. Linux Professional 9.0.0 x86_64
  • S.u.S.E. Linux Professional 9.1.0
  • S.u.S.E. Linux Professional 9.1.0 x86_64
  • S.u.S.E. Linux Professional 9.2.0
  • S.u.S.E. Linux Professional 9.2.0 x86_64
  • S.u.S.E. Linux Professional 9.3.0
  • S.u.S.E. Linux Professional 9.3.0 x86_64
  • S.u.S.E. Novell Linux Desktop 9.0.0
  • S.u.S.E. Open-Enterprise-Server 9.0.0
  • S.u.S.E. SUSE LINUX Retail Solution 8.0.0
  • S.u.S.E. SuSE Linux Openexchange Server 4.0.0
  • S.u.S.E. SuSE Linux School Server for i386
  • S.u.S.E. SuSE Linux Standard Server 8.0.0
  • S.u.S.E. SuSE eMail Server III
  • SCO Open Server 6.0.0
  • SCO Unixware 7.1.3
  • SCO Unixware 7.1.3 up
  • SCO Unixware 7.1.4
  • SGI ProPack 3.0.0
  • Trustix Secure Enterprise Linux 2.0.0
  • Trustix Secure Linux 1.1.0
  • Trustix Secure Linux 1.2.0
  • Trustix Secure Linux 1.5.0
  • Trustix Secure Linux 2.1.0
  • Trustix Secure Linux 2.2.0
  • Turbolinux Appliance Server 1.0.0 Hosting Edition
  • Turbolinux Appliance Server 1.0.0 Workgroup Edition
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Home
  • Turbolinux Turbolinux 10 F...
  • Turbolinux Turbolinux Advanced Server 6.0.0
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 10.0.0
  • Turbolinux Turbolinux Server 6.1.0
  • Turbolinux Turbolinux Server 6.5.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 6.0.0
  • Turbolinux Turbolinux Workstation 6.1.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Ubuntu Ubuntu Linux 4.1.0 ia32
  • Ubuntu Ubuntu Linux 4.1.0 ia64
  • Ubuntu Ubuntu Linux 4.1.0 ppc
  • Ubuntu Ubuntu Linux 5.0.0 4 amd64
  • Ubuntu Ubuntu Linux 5.0.0 4 i386
  • Ubuntu Ubuntu Linux 5.0.0 4 powerpc

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.