GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Sep 20, 2005 2:09 pm Post subject: [ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability |
 |
|
Gentoo Linux Security Advisory
Title: Zebedee: Denial of Service vulnerability (GLSA 200509-14)
Severity: normal
Exploitable: remote
Date: September 20, 2005
Updated: May 22, 2006
Bug(s): #105115
ID: 200509-14
Synopsis
A bug in Zebedee allows a remote attacker to perform a Denial of Service
attack.
Background
Zebedee is an application that establishes an encrypted, compressed
tunnel for TCP/IP or UDP data transfer between two systems.
Affected Packages
Package: net-misc/zebedee
Vulnerable: < 2.5.3
Unaffected: >= 2.4.1-r1 < 2.4.2
Unaffected: >= 2.5.3
Architectures: All supported architectures
Description
"Shiraishi.M" reported that Zebedee crashes when "0" is received as the
port number in the protocol option header.
Impact
By performing malformed requests a remote attacker could cause Zebedee
to crash.
Workaround
There is no known workaround at this time.
Resolution
All Zebedee users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose net-misc/zebedee |
References
BugTraq ID 14796
CVE-2005-2904
Last edited by GLSA on Sun Jan 10, 2010 4:20 am; edited 6 times in total |
|
News & Announcements
