---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: tcpdump 802.11 "parse_elements()" Off-By-One Vulnerability SECUNIA ADVISORY ID: SA24318 VERIFY ADVISORY: http://secunia.com/advisories/24318/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: tcpdump 3.x http://secunia.com/product/749/ DESCRIPTION: Moritz Jodeit has reported a vulnerability in tcpdump, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the "parse_elements()" function in print-802.11.c. This can be exploited to cause a one byte buffer overflow via a specially crafted 802.11 frame. The vulnerability is reported in version 3.9.5. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: Moritz Jodeit ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052739.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------