SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Tcpdump Vendors:  Tcpdump.org
Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump
SecurityTracker Alert ID:  1009593
SecurityTracker URL:  http://securitytracker.com/id?1009593
CVE Reference:  CAN-2004-0183 ,  CAN-2004-0184   (Links to External Site)
Updated:  Mar 30 2004
Original Entry Date:  Mar 30 2004
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 3.8.2
Description:  Two vulnerabilities were reported in tcpdump. A remote user can cause tcpdump to crash when in a certain configuration.

The tcpdump vendor reported that 'print-isakmp.c' does not properly validate user-supplied input in ISAKMP packets. A remote user can send a specially crafted packet to trigger the flaw.

Rapid7 subsequently issued an advisory [see the Message History] that provided additional details. The advisory indicated that the vulnerability applies only in the verbose packet display (-v) mode.

A remote user can send a specially crafted ISAKMP Delete payload with a large number of Security Protocol Identifiers (SPIs) to cause the tcpdump application to crash [CVE: CAN-2004-0183] due to a buffer overflow.

It is also reported that a remote user can send an ISAKMP Identification payload with a specially crafted payload length value that is less than 8 to cause tcpdump to crash [CVE: CAN-2004-0184].

The Rapid7 advisory provides additional details and is available at:

http://www.rapid7.com/advisories/R7-0017.html
Impact:  A remote user can cause tcpdump to crash.
Solution:  The vendor has released a fixed version (3.8.3), available at:

http://tcpdump.org/release/tcpdump-3.8.3.tar.gz
http://tcpdump.org/

[Editor's note: The vendor states that version 3.8.3 is identical to 3.8.2, but the version number was incremented to match the libpcap version number.]
Vendor URL:  tcpdump.org/tcpdump-changes.txt (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 30 2004 (Trustix Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Trustix Security Advisor <tsl@trustix.org>)
Trustix has released a fix.
Mar 30 2004 (Advisory is Available) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (advisory@rapid7.com)
Rapid7 has released their advisory.
Apr 7 2004 (Debian Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Apr 15 2004 (Mandrake Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
May 19 2004 (Fedora Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Harald Hoyer <harald@redhat.com>)
Fedora has released a fix.
May 26 2004 (Red Hat Issues Fix for RH Enterprise Linux) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Sep 8 2004 (Apple Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Mac OS X.
Sep 29 2004 (Red Hat Issues Fix for Red Hat Linux) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump   (Dominic Hargreaves <dom@earth.li>)
Red Hat issues fix for Red Hat Linux 7.3 and 9.


 Source Message Contents
Date:  Tue, 30 Mar 2004 10:54:14 -0500
Subject:  http://tcpdump.org/tcpdump-changes.txt

 

http://tcpdump.org/tcpdump-changes.txt

 > Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release

 >	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
 >	  		     http://www.rapid7.com/advisories/R7-0017.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC