CVE - CVE-2007-3798

CVE-ID
CVE-2007-3798	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070720 rPSA-2007-0147-1 tcpdump URL:http://www.securityfocus.com/archive/1/474225/100/0/threaded MISC:http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12 MISC:http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=184815 CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 APPLE:APPLE-SA-2007-12-17 URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html DEBIAN:DSA-1353 URL:http://www.debian.org/security/2007/dsa-1353 FREEBSD:FreeBSD-SA-07:06 URL:http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc GENTOO:GLSA-200707-14 URL:http://security.gentoo.org/glsa/glsa-200707-14.xml MANDRIVA:MDKSA-2007:148 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:148 REDHAT:RHSA-2007:0368 URL:http://www.redhat.com/support/errata/RHSA-2007-0368.html REDHAT:RHSA-2007:0387 URL:http://www.redhat.com/support/errata/RHSA-2007-0387.html SLACKWARE:SSA:2007-230-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313 SUSE:SUSE-SR:2007:016 URL:http://www.novell.com/linux/security/advisories/2007_16_sr.html TRUSTIX:2007-0023 URL:http://www.trustix.org/errata/2007/0023/ TURBO:TLSA-2007-46 URL:http://www.turbolinux.com/security/2007/TLSA-2007-46.txt UBUNTU:USN-492-1 URL:http://www.ubuntu.com/usn/usn-492-1 CERT:TA07-352A URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html BID:24965 URL:http://www.securityfocus.com/bid/24965 OVAL:oval:org.mitre.oval:def:9771 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771 VUPEN:ADV-2007-2578 URL:http://www.vupen.com/english/advisories/2007/2578 VUPEN:ADV-2007-4238 URL:http://www.vupen.com/english/advisories/2007/4238 SECTRACK:1018434 URL:http://www.securitytracker.com/id?1018434 SECUNIA:26135 URL:http://secunia.com/advisories/26135 SECUNIA:26168 URL:http://secunia.com/advisories/26168 SECUNIA:26223 URL:http://secunia.com/advisories/26223 SECUNIA:26266 URL:http://secunia.com/advisories/26266 SECUNIA:26231 URL:http://secunia.com/advisories/26231 SECUNIA:26286 URL:http://secunia.com/advisories/26286 SECUNIA:26263 URL:http://secunia.com/advisories/26263 SECUNIA:26404 URL:http://secunia.com/advisories/26404 SECUNIA:26395 URL:http://secunia.com/advisories/26395 SECUNIA:26521 URL:http://secunia.com/advisories/26521 SECUNIA:27580 URL:http://secunia.com/advisories/27580 SECUNIA:28136 URL:http://secunia.com/advisories/28136
Assigning CNA
N/A
Date Entry Created
20070716	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070716)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.