CVE - CVE-2007-1218

CVE-ID
CVE-2007-1218	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FULLDISC:20070301 tcpdump: off-by-one heap overflow in 802.11 printer URL:http://seclists.org/fulldisclosure/2007/Mar/0003.html MISC:http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.31.2.11&r2=1.31.2.12 CONFIRM:https://issues.rpath.com/browse/RPL-1100 MISC:https://bugs.gentoo.org/show_bug.cgi?id=168916 CONFIRM:http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 APPLE:APPLE-SA-2007-12-17 URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html DEBIAN:DSA-1272 URL:http://www.debian.org/security/2007/dsa-1272 FEDORA:FEDORA-2007-347 URL:http://fedoranews.org/cms/node/2798 FEDORA:FEDORA-2007-348 URL:http://fedoranews.org/cms/node/2799 MANDRIVA:MDKSA-2007:056 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:056 MANDRIVA:MDKSA-2007:155 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:155 REDHAT:RHSA-2007:0368 URL:http://www.redhat.com/support/errata/RHSA-2007-0368.html REDHAT:RHSA-2007:0387 URL:http://www.redhat.com/support/errata/RHSA-2007-0387.html TURBO:TLSA-2007-46 URL:http://www.turbolinux.com/security/2007/TLSA-2007-46.txt UBUNTU:USN-429-1 URL:http://www.ubuntu.com/usn/usn-429-1 CERT:TA07-352A URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html BID:22772 URL:http://www.securityfocus.com/bid/22772 OVAL:oval:org.mitre.oval:def:9520 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9520 VUPEN:ADV-2007-0793 URL:http://www.vupen.com/english/advisories/2007/0793 VUPEN:ADV-2007-4238 URL:http://www.vupen.com/english/advisories/2007/4238 OSVDB:32427 URL:http://www.osvdb.org/32427 SECTRACK:1017717 URL:http://www.securitytracker.com/id?1017717 SECUNIA:24318 URL:http://secunia.com/advisories/24318 SECUNIA:24354 URL:http://secunia.com/advisories/24354 SECUNIA:24423 URL:http://secunia.com/advisories/24423 SECUNIA:24451 URL:http://secunia.com/advisories/24451 SECUNIA:24583 URL:http://secunia.com/advisories/24583 SECUNIA:24610 URL:http://secunia.com/advisories/24610 SECUNIA:27580 URL:http://secunia.com/advisories/27580 SECUNIA:28136 URL:http://secunia.com/advisories/28136 XF:tcpdump-print80211c-bo(32749) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32749
Assigning CNA
N/A
Date Entry Created
20070302	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070302)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.