Joined: 12 May 2004
|Posted: Tue Sep 20, 2005 2:09 pm Post subject: [ GLSA 200509-14 ] Zebedee: Denial of Service vulnerability
|Gentoo Linux Security Advisory
Title: Zebedee: Denial of Service vulnerability (GLSA 200509-14)
Date: September 20, 2005
Updated: May 22, 2006
A bug in Zebedee allows a remote attacker to perform a Denial of Service
Zebedee is an application that establishes an encrypted, compressed
tunnel for TCP/IP or UDP data transfer between two systems.
Vulnerable: < 2.5.3
Unaffected: >= 2.4.1-r1 < 2.4.2
Unaffected: >= 2.5.3
Architectures: All supported architectures
"Shiraishi.M" reported that Zebedee crashes when "0" is received as the
port number in the protocol option header.
By performing malformed requests a remote attacker could cause Zebedee
There is no known workaround at this time.
All Zebedee users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose net-misc/zebedee
BugTraq ID 14796
Last edited by GLSA on Sun Jan 10, 2010 4:20 am; edited 6 times in total