Subject: user/3610: repeatable tcpdump remote crash
Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST)
Resent-From: gnats@cvs.openbsd.org (GNATS Filer)
Resent-To: bugs@cvs.openbsd.org
Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET)
From: venglin@freebsd.lublin.pl
Reply-To: venglin@freebsd.lublin.pl
To: gnats@openbsd.org
>Number: 3610
>Category: user
>Synopsis: repeatable tcpdump remote crash
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Dec 20 15:50:02 GMT 2003
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: 3.3-RELEASE
>Organization:
net
>Environment:
System : OpenBSD 3.3
Architecture: OpenBSD.i386
Machine : i386
>Description:
Sending a packet containing 0xff,0x02 bytes to port 1701/udp causes
the L2TP protocol parser in tcpdump to enter an infinite loop, eating
all available memory and then segfaulting.
This bug also affects tcpdump in -CURRENT.
>How-To-Repeat:
tcpdump -i lo0 -n udp and dst port 1701 &
perl -e 'print "\xff\x02"' | nc -u localhost 1701
>Fix:
Unknown, recent versions of tcpdump are immune to this problem.
>Release-Note:
>Audit-Trail:
>Unformatted:
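Under the RFC 2661 header layout, the two bytes in the report decode to a version-2 L2TP header with the Length, Sequence and Offset flag bits all set, while the datagram ends right after the flags word. The following is an added example, not tcpdump's code and not part of the report: a header decoder that bounds-checks every optional field and rejects such a packet as truncated. The function and type names are hypothetical, and it makes no claim about the root cause, which the report does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits and version in the first 16-bit word of an L2TP header (RFC 2661, 3.1). */
#define L2TP_L 0x4000u        /* Length field present */
#define L2TP_S 0x0800u        /* Ns and Nr fields present */
#define L2TP_O 0x0200u        /* Offset Size field present */
#define L2TP_VER_MASK 0x000fu

enum { L2TP_OK = 0, L2TP_TRUNCATED = -1, L2TP_BAD_VERSION = -2, L2TP_BAD_LENGTH = -3 };
struct l2tp_hdr { uint16_t flags, length, tunnel, session, ns, nr; size_t hdr_len; };

/* Read one big-endian 16-bit field only if it lies entirely inside the buffer. */
static int get16(const uint8_t *p, size_t len, size_t *off, uint16_t *out)
{
    if (len - *off < 2) return 0;   /* invariant: *off <= len */
    *out = (uint16_t)((p[*off] << 8) | p[*off + 1]);
    *off += 2;
    return 1;
}

/* Hypothetical helper: decode the header, never reading past len bytes. */
int l2tp_parse_header(const uint8_t *p, size_t len, struct l2tp_hdr *h)
{
    size_t off = 0;
    uint16_t offsz;
    if (!get16(p, len, &off, &h->flags)) return L2TP_TRUNCATED;
    if ((h->flags & L2TP_VER_MASK) != 2) return L2TP_BAD_VERSION;
    h->length = h->ns = h->nr = 0;
    if ((h->flags & L2TP_L) && !get16(p, len, &off, &h->length)) return L2TP_TRUNCATED;
    if (!get16(p, len, &off, &h->tunnel) || !get16(p, len, &off, &h->session)) return L2TP_TRUNCATED;
    if ((h->flags & L2TP_S) && (!get16(p, len, &off, &h->ns) || !get16(p, len, &off, &h->nr))) return L2TP_TRUNCATED;
    if (h->flags & L2TP_O) {
        if (!get16(p, len, &off, &offsz) || offsz > len - off) return L2TP_TRUNCATED;
        off += offsz;               /* skip the offset padding */
    }
    /* A declared Length must cover the header and fit inside the datagram. */
    if ((h->flags & L2TP_L) && (h->length < off || h->length > len)) return L2TP_BAD_LENGTH;
    h->hdr_len = off;
    return L2TP_OK;
}

int main(void)
{
    const uint8_t pkt[] = { 0xff, 0x02 };  /* constructed: the two bytes from the report */
    struct l2tp_hdr h;
    printf("0xff 0x02 -> %d\n", l2tp_parse_header(pkt, sizeof pkt, &h));
    return 0;
}
```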