Bug 16503 - tcpdump DOS security vulnerability CAN-2003-0108
Summary: tcpdump DOS security vulnerability CAN-2003-0108
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.idefense.com/advisory/02.2...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-02-27 16:59 UTC by Bug Hunter
Modified: 2003-03-05 05:20 UTC

See Also:
Package list:
Runtime testing required: ---


Description Bug Hunter 2003-02-27 16:59:48 UTC
From the advisory:
=======================================================

A vulnerability exists in the parsing of ISAKMP packets (UDP port 500)
that allows an attacker to force TCPDUMP into an infinite loop upon
receipt of a specially crafted packet. 

Solution:

This vulnerability was already closed by Guy Harris during routine
development; users of the CVS version downloaded since September 6, 2002
(revision 1.34 of print-isakmp.c) are not vulnerable.  The new 3.7.2
tcpdump release includes this and a couple of additional security
fixes; the 0.7.2 libpcap release includes new functionality but no
security fixes.

The following packages are available:

http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz
http://www.tcpdump.org/release/libpcap-0.7.2.tar.gz


Reproducible: Always
Steps to Reproduce:
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-03-05 05:20:47 UTC
glsa sent