Gentoo Logo

Zebedee: Denial of Service vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200509-14 / zebedee
Release Date September 20, 2005
Latest Revision May 22, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/zebedee < 2.5.3 revision >= 2.4.1-r1, >= 2.5.3 All supported architectures

Related bugreports: #105115


A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.

2.  Impact Information


Zebedee is an application that establishes an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.


"Shiraishi.M" reported that Zebedee crashes when "0" is received as the port number in the protocol option header.


By performing malformed requests a remote attacker could cause Zebedee to crash.

3.  Resolution Information


There is no known workaround at this time.


All Zebedee users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose net-misc/zebedee

4.  References


Page updated September 20, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.