An integer overflow flaw was found in tcpdump's BGP protocol dissector. This could potentially allow an attacker to execute arbitrary code as the user running tcpdump. The upstream patch is here: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12 The Gentoo bug has more information http://bugs.gentoo.org/show_bug.cgi?id=184815
This flaw does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0368.html http://rhn.redhat.com/errata/RHSA-2007-0387.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1361