Vulnerability in TCPDUMP network sniffer
Using TCPDUMP to sniff the network can itself be risky. Attackers may exploit a vulnerability in the sniffing software, using crafted packets to inject arbitrary code. Security researcher mu-b of digit-labs.org discovered the hole and has published demonstration code to illustrate the bug.
The flaw is an unchecked integer overflow in the print-bgp.c file: specially crafted Border Gateway Protocol (BGP) packets may cause a buffer overflow in an snprintf() call, which can crash the software or execute injected arbitrary code.
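The bug class described above can be illustrated with a generic sketch, added here as an example; it is not tcpdump's print-bgp.c code, and the pattern shown is an assumption about how such a length error can arise. It shows how summing snprintf() return values unchecked yields a negative remaining size, next to a bounded appender that keeps the offset inside the buffer. The names `naive_remaining`, `buf_appendf`, `safe_join` and `SAMPLE` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>

/* Constructed input: three fields that together exceed a 16-byte buffer. */
static const char *const SAMPLE[] = { "AAAAAAAA", "BBBBBBBB", "CCCCCCCC" };

/* Unchecked pattern, arithmetic only (nothing is written): snprintf() returns
 * the length the output WOULD have had, so the summed offset can pass buflen. */
static long naive_remaining(size_t buflen, const char *const *parts, int n) {
    long off = 0;
    for (int i = 0; i < n; i++)
        off += snprintf(NULL, 0, "%s", parts[i]);
    return (long)buflen - off; /* negative: a huge value once cast to size_t */
}

/* Hardened appender (hypothetical helper): the offset never passes cap - 1.
 * Returns 0 on success, -1 on truncation or formatting error. */
static int buf_appendf(char *buf, size_t cap, size_t *off, const char *fmt, ...) {
    va_list ap;
    if (*off >= cap)               /* also covers cap == 0 */
        return -1;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *off, cap - *off, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n >= cap - *off) { /* truncated: clamp, do not overshoot */
        *off = cap - 1;
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

/* Joins SAMPLE into buf and stops at the first truncation. */
static size_t safe_join(char *buf, size_t cap) {
    size_t off = 0;
    for (int i = 0; i < 3; i++)
        if (buf_appendf(buf, cap, &off, "%s", SAMPLE[i]) != 0)
            break;
    return off;
}

int main(void) {
    char buf[16];
    printf("naive remaining: %ld\n", naive_remaining(sizeof buf, SAMPLE, 3));
    printf("safe offset: %zu\n", safe_join(buf, sizeof buf));
    return 0;
}
```

The point for code review is that any size argument derived from earlier snprintf() return values needs a range check before it is used again.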
The bug affects TCPDUMP 3.9.6 and older versions. While no updates have been provided yet, the developers have already fixed the bug in the version management system. Users of the software may patch their source code themselves and recompile the software. Linux distributors can be expected to distribute updated packages soon.
- Source code patch in the TCPDUMP version management system
- Vulnerability demonstration by mu-b of digit-labs.org