Gentoo Logo

Zebedee: Denial of Service vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200509-14 / zebedee
Release Date September 20, 2005
Latest Revision May 22, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/zebedee < 2.5.3 revision >= 2.4.1-r1, >= 2.5.3 All supported architectures

Related bugreports: #105115

Synopsis

A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.

2.  Impact Information

Background

Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.

Description

"Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header.

Impact

By performing malformed requests a remote attacker could cause Zebedee to crash.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Zebedee users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose net-misc/zebedee

4.  References

Print

Page updated September 20, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.