tcpdump mailing list archives

Re: CVE-2007-1218 applicable to tcpdump 3.9.4?


From: Guy Harris <guy () alum mit edu>
Date: Mon, 12 Mar 2007 11:54:56 -0700

Florian Weimer wrote:

> Thanks for the clarification.  Have you already requested a new CVE
> name?

Is one needed?  The page at

        http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1218

says

Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 *and earlier* allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

(emphasis mine).