CVE-2005-1280

tcpdump < 3.9.1 - Denial of Service via RSVP Packet Length 4

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1280. PoCs published by vade79.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in tcpdump and Ethereal (now Wireshark) by sending a malformed RSVP packet that triggers an infinite loop in the rsvp_print() function. The payload is crafted to exploit a zero-length condition in RSVP_OBJ_ERO/RRO handling.

Description

The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vade79 · cdosmultiple

https://www.exploit-db.com/exploits/956

View Code ZIP pw:eip

This exploit targets a denial-of-service vulnerability in tcpdump and Ethereal (now Wireshark) by sending a malformed RSVP packet that triggers an infinite loop in the rsvp_print() function. The payload is crafted to exploit a zero-length condition in RSVP_OBJ_ERO/RRO handling.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: tcpdump (v3.8.x, v3.9.1, CVS), Ethereal (v0.10.10)

No auth needed

Prerequisites: Raw socket permissions · Network access to target

MITRE ATT&CK