FreeBSD · Portupgrade · CVE-2005-0610
**Name of the Vulnerable Software and Affected Versions**
portupgrade versions prior to 20041226_2
**Description**
The issue allows local users to overwrite arbitrary files, possibly replacing packages to execute arbitrary code via `pkg_fetch`, or create arbitrary zero-byte files via the `pkgdb.fixme` temporary file. Additionally, it enables overwriting arbitrary files via temporary files when portupgrade upgrades a port or package.
**Recommendations**
For versions prior to 20041226_2, update to version 20041226_2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pkg_fetch` function and limiting the creation of temporary files during port or package upgrades. Avoid using the `pkgdb.fixme` temporary file until the issue is resolved.
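The temporary-file behaviour in the description, shown as an added Ruby example that is not portupgrade's own code. It assumes the common case of a fixed scratch name in a directory other local users can write to, where a link may already occupy that name; the helper names and the file names other than `pkgdb.fixme` are hypothetical, and everything runs inside a private directory the script creates.

```ruby
require "tmpdir"

# "Before" shape (hypothetical helper): mode "w" follows a link found at a
# predictable name and truncates or creates whatever the link points to.
def write_scratch_unsafe(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened shape (hypothetical helper): O_CREAT|O_EXCL fails with EEXIST if
# anything, including a dangling symlink, already occupies the name.
def write_scratch_safe(path, data)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
  true
rescue Errno::EEXIST
  false # refuse to write through a pre-existing entry
end

# Constructed scenario, confined to a private directory made by Dir.mktmpdir.
def demo
  Dir.mktmpdir("tmpfile-demo") do |dir|
    existing = File.join(dir, "existing.conf")
    absent   = File.join(dir, "absent.flag")
    File.write(existing, "important contents\n")
    out = {}

    scratch = File.join(dir, "pkgdb.fixme")   # predictable scratch name
    File.symlink(existing, scratch)           # name already taken by a link
    out[:safe_refused_existing] = !write_scratch_safe(scratch, "x")
    out[:existing_intact]       = File.read(existing) == "important contents\n"
    write_scratch_unsafe(scratch, "")
    out[:unsafe_truncated]      = File.size(existing).zero?

    File.delete(scratch)
    File.symlink(absent, scratch)             # link to a path that does not exist
    out[:safe_refused_dangling] = !write_scratch_safe(scratch, "x")
    out[:absent_still_absent]   = !File.exist?(absent)
    write_scratch_unsafe(scratch, "")
    out[:unsafe_made_zero_byte] = File.exist?(absent) && File.size(absent).zero?

    File.delete(scratch)                      # name is free: the safe path works
    out[:safe_creates_fresh] = write_scratch_safe(scratch, "ok") && File.read(scratch) == "ok"
    out
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

When auditing scripts for this class of bug, look for fixed file names under shared directories opened in plain write mode; Ruby's `Tempfile` and `Dir.mktmpdir` avoid the predictable name altogether.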