Tcpdump.Print.Bgp.C.Integer.Underflow

Description

This indicates an attack attempt against an integer-overflow vulnerability in tcpdump.
The vulnerability is caused by an error in print-bgp.c in the BGP dissector when the vulnerable software parses a malformed BGP packet. It allows a remote attacker to execute arbitrary code by sending a crafted BGP UPDATE message.

Affected Products

tcpdump 3.9.6 and earlier

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's web site:
Debian Linux 4.0 amd64
* Debian tcpdump_3.9.5-2etch1_amd64.deb
Debian Linux 4.0 ia-32
* Debian tcpdump_3.9.5-2etch1_i386.deb
Debian Linux 4.0 arm
* Debian tcpdump_3.9.5-2etch1_arm.deb
Debian Linux 4.0 powerpc
* Debian tcpdump_3.9.5-2etch1_powerpc.deb
FreeBSD FreeBSD 6.2
* FreeBSD tcpdump.patch
http://security.freebsd.org/patches/SA-07:06/tcpdump.patch
Debian Linux 4.0 sparc
* Debian tcpdump_3.9.5-2etch1_sparc.deb
Apple Mac OS X 10.4.11
* Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
* Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
* Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
* Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Debian Linux 3.1 arm
* Debian tcpdump_3.8.3-5sarge3_arm.deb
Debian Linux 3.1 mips
* Debian tcpdump_3.8.3-5sarge3_mips.deb
Debian Linux 3.1 s/390
* Debian tcpdump_3.8.3-5sarge3_s390.deb

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-03-03 20.269 Sig Added
2021-04-19 18.061 Sig Added