FreeBSD -- Buffer overflow in tcpdump(1)
An un-checked return value in the BGP dissector code can
result in an integer overflow. This value is used in
subsequent buffer management operations, resulting in a stack
based buffer overflow under certain circumstances.
By crafting malicious BGP packets, an attacker could exploit
this vulnerability to execute code or crash the tcpdump
process on the target system. This code would be executed in
the context of the user running tcpdump(1). It should be
noted that tcpdump(1) requires privileges in order to open live
No workaround is available.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright