CVE-2005-1267

tcpdump 3.x - Denial of Service via BGP Packet Handling

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1267. PoCs published by simon.

AI-analyzed exploit summary: This exploit code crafts a malformed BGP4 update message to trigger an infinite loop vulnerability in tcpdump (CVE-2005-1267). It uses libnet to construct a TCP packet with a BGP4 header and payload, designed to cause a denial-of-service condition.

Description

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by simon · c · dos · multiple
https://www.exploit-db.com/exploits/1037

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: tcpdump (versions prior to fix for CVE-2005-1267)
No auth needed
Prerequisites: libnet library · root privileges for raw packet injection
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13906
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17118
Patch, Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2005/0028/
Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15634/
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-505.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148
Patch, Vendor Advisory vendor-advisory x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html
Third Party Advisory, VDB Entry vendor-advisory x_refsource_fedora
http://www.securityfocus.com/archive/1/430292/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-854

Scores

EPSS 0.1350
EPSS Percentile 96.0%

Details

Status published
Products (23)
gentoo/linux
lbl/tcpdump 3.4
lbl/tcpdump 3.4a6
lbl/tcpdump 3.5
lbl/tcpdump 3.5.2
lbl/tcpdump 3.5_alpha
lbl/tcpdump 3.6.2
lbl/tcpdump 3.6.3
lbl/tcpdump 3.7
lbl/tcpdump 3.7.1
... and 13 more
Published Jun 10, 2005
Tracked Since Feb 18, 2026