Intrusion Prevention

Tcpdump.Print.Bgp.C.Integer.Underflow

Description

This indicates an attack attempt against an integer-underflow vulnerability in tcpdump (tracked as an integer overflow in the CVE entry).
The vulnerability is caused by an error in print-bgp.c in the BGP dissector when the vulnerable software parses a malformed BGP packet. While rendering TLVs inside the packet into a fixed-size text buffer, the dissector does not check the return value of snprintf() before using it to advance its output pointer and shrink its remaining buffer length. Because snprintf() returns the length the complete string would have had rather than the number of bytes actually written, a crafted TLV that does not fit drives the remaining length below zero, and the following write overflows the buffer. It allows a remote attacker to execute arbitrary code by sending a crafted BGP UPDATE message. No BGP session with the victim is needed: the packet only has to be captured by tcpdump, and the same dissector code runs when a saved capture file is read with -r.
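The bookkeeping error described above, reduced to a constructed C example. This is an added illustration, not tcpdump's code: the TLV layout (type, length, value), the 64-byte output buffer, the format string and the sample packet are all assumptions made for the demonstration. The unchecked loop shows the remaining-length counter wrapping once a record no longer fits; the checked loop beside it is the form a dissector should use.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed TLV record: type(1) len(1) value(len). A toy layout for
 * the demonstration, not the real BGP attribute or VPN TLV encoding. */
struct tlv {
    uint8_t type;
    uint8_t len;
    const uint8_t *val;
};

/* Constructed sample "packet": six well-formed TLVs of type 1, length 2.
 * Each is harmless on its own; together they render to more text than a
 * 64-byte output buffer holds, which is all the bug needs. */
static const uint8_t SAMPLE_PKT[] = {
    1, 2, 0xaa, 0xbb,  1, 2, 0xaa, 0xbb,  1, 2, 0xaa, 0xbb,
    1, 2, 0xaa, 0xbb,  1, 2, 0xaa, 0xbb,  1, 2, 0xaa, 0xbb,
};

/* Walk the TLVs with length checks. Returns the count, or -1 if a record
 * runs past the end of the packet. */
static int parse_tlvs(const uint8_t *p, size_t n, struct tlv *out, size_t max)
{
    size_t off = 0, i = 0;
    while (off < n) {
        if (i >= max || n - off < 2)
            return -1;
        out[i].type = p[off];
        out[i].len  = p[off + 1];
        if (n - off - 2 < out[i].len)
            return -1;
        out[i].val = p + off + 2;
        off += 2 + (size_t)out[i].len;
        i++;
    }
    return (int)i;
}

/* The unchecked pattern: advance the write offset and shrink the remaining
 * length by whatever snprintf() returns. snprintf() reports the length the
 * whole string would have had, so once a TLV no longer fits, stringlen is
 * larger than buflen and "buflen -= stringlen" wraps to a huge value. A
 * real dissector then calls snprintf() again with that wrapped length and
 * overflows the buffer; this demo stops at the wrap and returns the bad
 * counter instead (a result larger than the buffer means it wrapped). */
static size_t render_unchecked(const struct tlv *t, int n, char *buf, size_t buflen)
{
    size_t cap = buflen, off = 0;
    for (int i = 0; i < n; i++) {
        int stringlen = snprintf(buf + off, buflen,
                                 "\n\t\tTLV type %u length %u", t[i].type, t[i].len);
        off    += (size_t)stringlen;   /* BUG: may now be past the end of buf */
        buflen -= (size_t)stringlen;   /* BUG: underflows when stringlen > buflen */
        if (buflen > cap)
            return buflen;             /* demo-only guard: never use a wrapped length */
    }
    return buflen;
}

/* The checked form: reject a return value that is negative or does not fit
 * in the space left, so neither the offset nor the length can go bad.
 * Returns how many TLVs were fully rendered; buf is always NUL-terminated. */
static int render_checked(const struct tlv *t, int n, char *buf, size_t buflen)
{
    size_t off = 0;
    if (buflen == 0)
        return 0;
    buf[0] = '\0';
    for (int i = 0; i < n; i++) {
        int stringlen = snprintf(buf + off, buflen - off,
                                 "\n\t\tTLV type %u length %u", t[i].type, t[i].len);
        if (stringlen < 0 || (size_t)stringlen >= buflen - off) {
            buf[off] = '\0';           /* drop the partial record */
            return i;
        }
        off += (size_t)stringlen;
    }
    return n;
}

/* Run the sample packet through each path (used by main and by tests). */
static int sample_tlv_count(void)
{
    struct tlv t[16];
    return parse_tlvs(SAMPLE_PKT, sizeof SAMPLE_PKT, t, 16);
}

static int sample_unchecked_wrapped(void)
{
    struct tlv t[16];
    char out[64];
    int n = parse_tlvs(SAMPLE_PKT, sizeof SAMPLE_PKT, t, 16);
    return render_unchecked(t, n, out, sizeof out) > sizeof out;
}

static int sample_checked_count(void)
{
    struct tlv t[16];
    char out[64];
    int n = parse_tlvs(SAMPLE_PKT, sizeof SAMPLE_PKT, t, 16);
    return render_checked(t, n, out, sizeof out);
}

int main(void)
{
    printf("parsed %d TLVs\n", sample_tlv_count());
    printf("unchecked loop: length counter wrapped = %d\n", sample_unchecked_wrapped());
    printf("checked loop: rendered %d TLVs and stopped cleanly\n", sample_checked_count());
    return 0;
}
```

Each record renders to 22 characters, so a 64-byte buffer holds two of them; the checked loop reports 2 and stops, while the unchecked loop's third iteration subtracts 22 from a remaining length of 20 and wraps. In the real dissector the wrapped value is passed straight to the next snprintf() call, which is the write that corrupts memory.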

Affected Products

tcpdump 3.9.6 and earlier

Impact

System Compromise: A remote attacker who can get a crafted packet onto a network segment that tcpdump is capturing can execute arbitrary code with the privileges of the tcpdump process, which is commonly root.

Recommended Actions

Upgrade to a tcpdump release later than 3.9.6, or apply the patch or package update available from the vendor's web site:
Debian Linux 4.0 amd64
* Debian tcpdump_3.9.5-2etch1_amd64.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_amd64.deb
Debian Linux 4.0 ia-32
* Debian tcpdump_3.9.5-2etch1_i386.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_i386.deb
Debian Linux 4.0 arm
* Debian tcpdump_3.9.5-2etch1_arm.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_arm.deb
Debian Linux 4.0 powerpc
* Debian tcpdump_3.9.5-2etch1_powerpc.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_powerpc.deb
FreeBSD FreeBSD 6.2
* FreeBSD tcpdump.patch
http://security.freebsd.org/patches/SA-07:06/tcpdump.patch
Debian Linux 4.0 sparc
* Debian tcpdump_3.9.5-2etch1_sparc.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_sparc.deb
Apple Mac OS X 10.4.11
* Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
* Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
* Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
* Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Debian Linux 3.1 arm
* Debian tcpdump_3.8.3-5sarge3_arm.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_arm.deb
Debian Linux 3.1 mips
* Debian tcpdump_3.8.3-5sarge3_mips.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_mips.deb
Debian Linux 3.1 s390
* Debian tcpdump_3.8.3-5sarge3_s390.deb
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_s390.deb

CVE References

CVE-2007-3798