CVE-2005-1280
published 2005-05-02
CVE-2005-1280: The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
Priority P4 · 26 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS
10.19%
95.1th percentile
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tcpdump | < tcpdump 3.8.3-4 (bookworm) | tcpdump 3.8.3-4 (bookworm) |
| lbl | tcpdump | <= 3.9.1 | — |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
| tcpdump | tcpdump | >= 0 < 3.8.3-4 | 3.8.3-4 |
CVSS provenance
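| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |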
GHSA
GHSA-325r-4m7w-pcqf: The rsvp_print function in tcpdump 3
ghsa_unreviewed·2022-05-03
CVE-2005-1280 [MEDIUM] GHSA-325r-4m7w-pcqf: The rsvp_print function in tcpdump 3
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
OSV
CVE-2005-1280: The rsvp_print function in tcpdump 3
osv·2005-05-02·CVSS 5.0
CVE-2005-1280 [MEDIUM] CVE-2005-1280: The rsvp_print function in tcpdump 3
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
Ubuntu
tcpdump vulnerabilities
vendor_ubuntu·2005-05-06
CVE-2005-1278 tcpdump vulnerabilities
Title: tcpdump vulnerabilities
Summary: tcpdump vulnerabilities
It was discovered that certain invalid GRE, LDP, BGP, and RSVP packets
triggered infinite loops in tcpdump, which caused tcpdump to stop
working. This could be abused by a remote attacker to bypass tcpdump
analysis of network traffic.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-04-26·CVSS 5.0
CVE-2005-1280 [MEDIUM] security flaw
security flaw
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
Debian
CVE-2005-1280: tcpdump - The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to ...
vendor_debian·2005·CVSS 5.0
CVE-2005-1280 [MEDIUM] CVE-2005-1280: tcpdump - The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to ...
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
Scope: local
bookworm: resolved (fixed in 3.8.3-4)
bullseye: resolved (fixed in 3.8.3-4)
forky: resolved (fixed in 3.8.3-4)
sid: resolved (fixed in 3.8.3-4)
trixie: resolved (fixed in 3.8.3-4)
No detection rules found.
Exploit-DB
MWChat 6.8 - 'chat.php' SQL Injection
exploitdb·2005-05-21
CVE-2005-3324 MWChat 6.8 - 'chat.php' SQL Injection
MWChat 6.8 - 'chat.php' SQL Injection
---
source: https://www.securityfocus.com/bid/15198/info
MWChat is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/mwchat/chat.php?Username='UNION%20SELECT%200,0,0,0,'',0,0,0%20INTO%20OUTFILE%20'../../www/mwchat/shell.php'%20FROM%20chat_text/*&Sequence_Check=&Lang=en&Resolution=1280&Room=prova
Exploit-DB
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
exploitdb·2005-04-26
CVE-2005-1280 Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
Ethereal 0.10.10 / tcpdump 3.9.1 - 'rsvp_print' Infinite Loop Denial of Service
---
/*[ tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. ]*
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* compile: *
* gcc xtcpdump+ethr-rsvp-dos.c -o xtcpdump+ethr-rsvp-dos *
* *
* tcpdump homepage/URL: *
* http://www.tcpdump.org *
* *
* ethereal homepage/URL: *
* http://www.ethereal.com *
* *
* effected versions: *
* tcpdump: v3.8.x/v3.9.1/CVS (didn't check below 3.8.x) *
* ethereal: v0.10.10 (appears to be fixed in 0.10.10 SVN>14167) *
* *
* tcpdump(v3.9.1 and earlier versions) contains a remote denial *
* of service vulnerability in the form of a single (RSVP) packet *
* causing an infinite loop. *
* *
* this bug also effects ethereal[v0.10.10] in a similar way, i *
* did not
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt
http://secunia.com/advisories/15125
http://secunia.com/advisories/18146
http://www.redhat.com/support/errata/RHSA-2005-417.html
http://www.redhat.com/support/errata/RHSA-2005-421.html
http://www.securityfocus.com/archive/1/396930
http://www.securityfocus.com/archive/1/430292/100/0/threaded
http://www.securityfocus.com/bid/13390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10732
2005-05-02
Published