
TCPDump AFS Signed Integer Buffer Overflow Vulnerability

tcpdump is a freely available software package designed for analyzing network traffic in real time.

A flaw in tcpdump makes it possible for a remote user to execute arbitrary code. Due to a problem in the handling of input, data in AFS packet headers is handled as a signed integer. It is later passed to functions as an unsigned integer, making it possible to overflow a buffer within the tcpdump program. This could result in a stack-based overflow, the overwriting of stack variables, and execution of arbitrary code. Since tcpdump is run by root or with SUID privileges, this could lead to the execution of code as root.
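The signed-to-unsigned mismatch described above, reduced to a generic C illustration (an added example, not tcpdump's code; `BUF_SIZE` and all function names are hypothetical): a negative length passes a signed bounds check and becomes a very large size once converted, while the hardened routine bounds the unsigned value before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 64  /* hypothetical local buffer size */

/* Flawed pattern: the packet-supplied length is held in a signed int,
 * so a negative value passes the upper-bound check. */
int flawed_check_passes(int32_t len)
{
    return len <= (int32_t)BUF_SIZE;   /* -1 <= 64 is true */
}

/* What a copy routine taking size_t receives after the flawed check. */
size_t as_copy_size(int32_t len)
{
    return (size_t)len;                /* -1 becomes SIZE_MAX */
}

/* Hardened form: treat the wire value as unsigned and bound it against both
 * the destination size and the bytes actually captured, then copy.
 * Returns the number of bytes copied, or -1 if the field is rejected. */
int copy_field(uint8_t *dst, size_t dst_size,
               const uint8_t *pkt, size_t caplen, uint32_t wire_len)
{
    if (wire_len > dst_size || wire_len > caplen)
        return -1;
    memcpy(dst, pkt, wire_len);
    return (int)wire_len;
}

int main(void)
{
    uint8_t buf[BUF_SIZE];
    const uint8_t pkt[] = "constructed sample payload";
    int32_t hostile = -1;  /* constructed value: 0xFFFFFFFF on the wire */

    /* The flawed check accepts it; the hardened copy refuses it. */
    int accepted = flawed_check_passes(hostile);
    int rc = copy_field(buf, sizeof buf, pkt, sizeof pkt, (uint32_t)hostile);
    return (accepted == 1 && rc == -1) ? 0 : 1;
}
```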







 

Copyright 2008, SecurityFocus