SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Tcpdump Vendors:   Tcpdump.org
(Fedora Issues Fix) Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump
SecurityTracker Alert ID:  1010226
SecurityTracker URL:  http://securitytracker.com/id/1010226
CVE Reference:   CVE-2004-0183, CVE-2004-0184   (Links to External Site)
Date:  May 19 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.7.2-8.fc1.2
Description:   Two vulnerabilities were reported in tcpdump. A remote user can cause tcpdump to crash when in a certain configuration.

The tcpdump vendor reported that 'print-isakmp.c' does not properly validate user-supplied input in ISAKMP packets. A remote user can send a specially crafted packet to trigger the flaw.

Rapid7 subsequently issued an advisory [see the Message History] that provided additional details. The advisory indicated that the vulnerability applies only in the verbose packet display (-v) mode.

A remote user can send a specially crafted ISAKMP Delete payload with a large number of Security Protocol Identifiers (SPIs) to cause the tcpdump application to crash [CVE: CVE-2004-0183] due to a buffer overflow.

It is also reported that a remote user can send an ISAKMP Identification payload with a specially crafted payload length value that is less than 8 to cause tcpdump to crash [CVE: CVE-2004-0184].

The Rapid7 advisory provides additional details and is available at:

http://www.rapid7.com/advisories/R7-0017.html

Impact:   A remote user can cause tcpdump to crash.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

c11dc7a9af4766ca018405339f6e8b0d SRPMS/tcpdump-3.7.2-8.fc1.2.src.rpm
f7de913568498b8b38788d2fc673162e i386/tcpdump-3.7.2-8.fc1.2.i386.rpm
13f09fefc188bfa47b0dc993eadabcd7 i386/libpcap-0.7.2-8.fc1.2.i386.rpm
5bdc0b8f388497e475b7091b5175c6c6 i386/arpwatch-2.1a11-8.fc1.2.i386.rpm
2545161afba66a197a54233349bc0285 x86_64/tcpdump-3.7.2-8.fc1.2.x86_64.rpm
343dea7f180e95f86b436fc42ce34c21 x86_64/libpcap-0.7.2-8.fc1.2.x86_64.rpm
1e50e97307551fabb2aba8f8c4cf635d x86_64/arpwatch-2.1a11-8.fc1.2.x86_64.rpm

Vendor URL:  tcpdump.org/tcpdump-changes.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC1

Message History:   This archive entry is a follow-up to the message listed below.
Mar 30 2004 Tcpdump Boundary Checking Error in 'print-isakmp.c' Lets Remote Users Crash Tcpdump



 Source Message Contents

Subject:  [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.2


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-120
2004-05-13
---------------------------------------------------------------------

Name        : tcpdump
Version     : 3.7.2
Release     : 8.fc1.2
Summary     : A network traffic monitoring tool.
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces.  Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

---------------------------------------------------------------------
Update Information:

Tcpdump is a command-line tool for monitoring network traffic.

Tcpdump v3.8.1 and earlier versions contained multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving
specially crafted ISAKMP packets, TCPDUMP would try to read beyond
the end of the packet capture buffer and subsequently crash.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.
---------------------------------------------------------------------
* Wed May 12 2004 Harald Hoyer <harald@redhat.com> - 14:3.7.2-8.fc1.2

- CAN-2004-0183/0184 fixed


---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

c11dc7a9af4766ca018405339f6e8b0d  SRPMS/tcpdump-3.7.2-8.fc1.2.src.rpm
f7de913568498b8b38788d2fc673162e  i386/tcpdump-3.7.2-8.fc1.2.i386.rpm
13f09fefc188bfa47b0dc993eadabcd7  i386/libpcap-0.7.2-8.fc1.2.i386.rpm
5bdc0b8f388497e475b7091b5175c6c6  i386/arpwatch-2.1a11-8.fc1.2.i386.rpm
2545161afba66a197a54233349bc0285  x86_64/tcpdump-3.7.2-8.fc1.2.x86_64.rpm
343dea7f180e95f86b436fc42ce34c21  x86_64/libpcap-0.7.2-8.fc1.2.x86_64.rpm
1e50e97307551fabb2aba8f8c4cf635d  x86_64/arpwatch-2.1a11-8.fc1.2.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC