Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Tcpdump

Vendors: Tcpdump.org

Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump

SecurityTracker Alert ID: 1009593

SecurityTracker URL: http://securitytracker.com/id/1009593

CVE Reference: CAN-2004-0183, CAN-2004-0184 (Links to External Site)

Updated: Mar 30 2004

Original Entry Date: Mar 30 2004

Impact: Denial of service via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): prior to 3.8.2

Description: Two vulnerabilities were reported in tcpdump. A remote user can cause tcpdump to crash when in a certain configuration.

The tcpdump vendor reported that 'print-isakmp.c' does not properly validate user-supplied input in ISAKMP packets. A remote user can send a specially crafted packet to trigger the flaw.

Rapid7 subsequently issued an advisory [see the Message History] that provided additional details. The advisory indicated that the vulnerability applies only in the verbose packet display (-v) mode.

A remote user can send a specially crafted ISAKMP Delete payload with a large number of Security Protocol Identifiers (SPIs) to cause the tcpdump application to crash [CVE: CAN-2004-0183] due to a buffer overflow.

It is also reported that a remote user can send an ISAKMP Identification payload with a specially crafted payload length value that is less than 8 to cause tcpdump to crash [CVE: CAN-2004-0184].

The Rapid7 advisory provides additional details and is available at:

http://www.rapid7.com/advisories/R7-0017.html

Impact: A remote user can cause tcpdump to crash.

Solution: The vendor has released a fixed version (3.8.3), available at:

http://tcpdump.org/release/tcpdump-3.8.3.tar.gz
http://tcpdump.org/

[Editor's note: The vendor states that version 3.8.3 is identical to 3.8.2, but the version number was incremented to match the libpcap version number.]

Vendor URL: tcpdump.org/tcpdump-changes.txt (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Mar 30 2004	(Trustix Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Trustix Security Advisor <tsl@trustix.org>) Trustix has released a fix.
Mar 30 2004	(Advisory is Available) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (advisory@rapid7.com) Rapid7 has released their advisory.
Apr 7 2004	(Debian Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Matt Zimmerman <mdz@debian.org>) Debian has released a fix.
Apr 15 2004	(Mandrake Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Mandrake Linux Security Team <security@linux-mandrake.com>) Mandrake has released a fix.
May 19 2004	(Fedora Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Harald Hoyer <harald@redhat.com>) Fedora has released a fix.
May 26 2004	(Red Hat Issues Fix for RH Enterprise Linux) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Sep 8 2004	(Apple Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Apple Product Security <product-security@apple.com>) Apple has released a fix for Mac OS X.
Sep 29 2004	(Red Hat Issues Fix for Red Hat Linux) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump (Dominic Hargreaves <dom@earth.li>) Red Hat issues fix for Red Hat Linux 7.3 and 9.

Source Message Contents

Date: Tue, 30 Mar 2004 10:54:14 -0500
Subject: http://tcpdump.org/tcpdump-changes.txt


http://tcpdump.org/tcpdump-changes.txt

 > Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release

 >	Fixes for print-isakmp.c      CVE:    CAN-2004-0183, CAN-2004-0184
 >	  		     http://www.rapid7.com/advisories/R7-0017.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC