Test ID:	1.3.6.1.4.1.25623.1.0.55599
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-854-1)
Summary:	The remote host is missing an update for the Debian 'tcpdump' package(s) announced via the DSA-854-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'tcpdump' package(s) announced via the DSA-854-1 advisory. Vulnerability Insight: Simon Nielsen discovered that the BGP dissector in tcpdump, a powerful tool for network monitoring and data acquisition, does not properly handle a -1 return value from an internal function that decodes data packets. A specially crafted BGP packet can cause a denial of service via an infinite loop. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 3.8.3-5sarge1. We recommend that you upgrade your tcpdump package. Affected Software/OS: 'tcpdump' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1267 13906 http://www.securityfocus.com/bid/13906 15634 http://secunia.com/advisories/15634/ 17118 http://secunia.com/advisories/17118 2005-0028 http://www.trustix.org/errata/2005/0028/ DSA-854 http://www.debian.org/security/2005/dsa-854 FEDORA-2005-406 http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html FLSA:156139 http://www.securityfocus.com/archive/1/430292/100/0/threaded RHSA-2005:505 http://www.redhat.com/support/errata/RHSA-2005-505.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208 oval:org.mitre.oval:def:11148 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.