tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered when a specially-crafted RSVP packet causes tcpdump to enter an infinite loop and stop responding. This will result in loss of availability for the service.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

• Security Tracker: 1013948
• Secunia Advisory ID: 15144 15174 15309 15646 16050 18146 35555
• Related OSVDB ID: 15856
• CVE ID: 2005-1280 (see also: NVD)
• ISS X-Force ID: 20291
• Milw0rm: 956
• Exploit Database: 956
• Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-002.txt.asc http://archives.mandrivalinux.com/security-announce/2005-05/msg00008.php
  http://rhn.redhat.com/errata/RHSA-2005-417.html
  http://www.ipcop.org/modules.php?op=modload&name=News&file=article&sid=21&mode=thread&order=0&thold=0
• Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html
  http://www.gentoo.org/security/en/glsa/glsa-200505-06.xml
  http://www.ubuntulinux.org/support/documentation/usn/usn-119-1
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0449.html
  http://archives.neohapsis.com/archives/bugtraq/2005-04/0481.html
• Generic Exploit URL: http://fakehalo.us/xtcpdump+ethr-rsvp-dos.c
• Vendor URL: http://www.ethereal.com/
  http://www.tcpdump.org/

• Vade79 - v9realhalo.org -