Bug 250275 (CVE-2007-3798)

Summary: CVE-2007-3798 tcpdump BGP integer overflow
Product: [Other] Security Response
Reporter: Josh Bressers <bressers>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: kreilly
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-01-15 14:53:53 UTC
Bug Depends On: 250289, 250290, 250291, 250293, 250294

Description Josh Bressers 2007-07-31 16:00:18 UTC
An integer overflow flaw was found in tcpdump's BGP protocol dissector.  This
could potentially allow an attacker to execute arbitrary code as the user
running tcpdump.


The upstream patch is here:
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12

The Gentoo bug has more information:
http://bugs.gentoo.org/show_bug.cgi?id=184815

Comment 2 Josh Bressers 2007-07-31 17:03:20 UTC
This flaw does not affect the version of tcpdump shipped in Red Hat Enterprise
Linux 2.1 or 3.

Comment 5 Red Hat Product Security 2008-01-15 14:53:53 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0368.html
  http://rhn.redhat.com/errata/RHSA-2007-0387.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1361