CVE-2005-1279
Published 2005-05-02
Priority P428 · medium · 5 (CVSS 2.0) · AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 18.72% (96.9th percentile)
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tcpdump | < tcpdump 3.8.3-4 (bookworm) | tcpdump 3.8.3-4 (bookworm) |
| lbl | tcpdump | <= 3.8.3 | — |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
Detection & IOCs (extracted from sources)
- bytes: \x00\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\xff\xff\xff\xff
- bytes: \xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x02\x00\x01\x00\xff\x00\xff\x0e\x00\xff\x00\x01\x84\x00\x00\x00
- tcpdump process consuming 100% CPU (infinite loop) after receiving a single malformed BGP or LDP packet is a strong indicator of exploitation.
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 · MEDIUM
vendor_debian · 5.0 · MEDIUM
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-4cr9-2wh9-585g: tcpdump 3
ghsa_unreviewed·2022-05-03
OSV
CVE-2005-1279: tcpdump 3
osv·2005-05-02·CVSS 5.0
Ubuntu
tcpdump vulnerabilities
vendor_ubuntu·2005-05-06
CVE-2005-1278 tcpdump vulnerabilities
It was discovered that certain invalid GRE, LDP, BGP, and RSVP packets
triggered infinite loops in tcpdump, which caused tcpdump to stop
working. This could be abused by a remote attacker to bypass tcpdump
analysis of network traffic.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-04-26·CVSS 5.0
Debian
CVE-2005-1279: tcpdump - tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (...
vendor_debian·2005·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 3.8.3-4)
bullseye: resolved (fixed in 3.8.3-4)
forky: resolved (fixed in 3.8.3-4)
sid: resolved (fixed in 3.8.3-4)
trixie: resolved (fixed in 3.8.3-4)
No detection rules found.
Exploit-DB
Tcpdump 3.8.x - 'ldp_print' Infinite Loop Denial of Service
exploitdb·2005-04-26
---
/*[ tcpdump[3.8.x]: (LDP) ldp_print() infinite loop DOS. ]*********
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* compile: *
* gcc xtcpdump-ldp-dos.c -o xtcpdump-ldp-dos *
* *
* tcpdump homepage/URL: *
* http://www.tcpdump.org *
* *
* fix: *
* this appears to have been fixed in the alpha 3.9.x / CVS *
* versions. although i found no direct mention of the issue *
* itself being resolved, the code has been changed in a way to *
* not allow this to happen. *
* *
* Tcpdump is a program that allows you to dump the traffic on a *
* network. It can be used to print out the headers of packets on *
* a network interface that matches a given expression. You can *
* use this tool to track down network problems, to dete
Exploit-DB
Tcpdump 3.8.x - 'rt_routing_info' Infinite Loop Denial of Service
exploitdb·2005-04-26
---
/*[ tcpdump[3.8.x]: (BGP) RT_ROUTING_INFO infinite loop DOS. ]*****
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* compile: *
* gcc xtcpdump-bgp-dos.c -o xtcpdump-bgp-dos *
* gcc xtcpdump-bgp-dos.c -o xtcpdump-bgp-dos -D_USE_SYN *
* *
* tcpdump homepage/URL: *
* http://www.tcpdump.org *
* *
* fix: *
* this appears to have been fixed in the alpha 3.9.x / CVS *
* versions. although i found no direct mention of the issue *
* itself being resolved, the code has been changed in a way to *
* not allow this to happen. *
* *
* Tcpdump is a program that allows you to dump the traffic on a *
* network. It can be used to print out the headers of packets on *
* a network interface that matches a given expression. Y
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt
- http://secunia.com/advisories/15125
- http://secunia.com/advisories/17101
- http://secunia.com/advisories/18146
- http://www.debian.org/security/2005/dsa-850
- http://www.redhat.com/support/errata/RHSA-2005-417.html
- http://www.redhat.com/support/errata/RHSA-2005-421.html
- http://www.securityfocus.com/archive/1/396932
- http://www.securityfocus.com/archive/1/430292/100/0/threaded
- http://www.securityfocus.com/bid/13389
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9601