tcpdump is prone to a vulnerability that may allow a remote attacker to cause a denial-of-service condition in the software. The issue stems from the way tcpdump decodes Intermediate System to Intermediate System (ISIS) packets: a remote attacker can send malformed ISIS packets that cause the decoder to enter an infinite loop, leaving the process hung and no longer logging traffic.
tcpdump versions up to and including 3.9.x/CVS are reported to be affected by this issue.
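The page does not say which part of the ISIS decoder fails to terminate, so the following is an added illustration of the general failure mode rather than tcpdump's own code: a record walker that trusts an attacker-supplied length byte to advance its cursor spins forever when that byte is zero. The record format (a one-byte total length, including the length byte itself, followed by the record body) and the sample buffers are constructed for this example; the vulnerable walker takes an iteration budget purely so the demonstration can report "would hang" instead of actually hanging.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input: two well-formed records, each starting with its
 * total length (length byte included). */
static const uint8_t SAMPLE_GOOD[] = {
    0x03, 0xAA, 0xBB,   /* record 1: 3 bytes total */
    0x02, 0xCC,         /* record 2: 2 bytes total */
};

/* Constructed malformed input: the trailing record claims a length of 0, so a
 * walker that advances by the claimed length never moves past it. */
static const uint8_t SAMPLE_BAD[] = {
    0x03, 0xAA, 0xBB,
    0x02, 0xCC,
    0x00,               /* length 0: no forward progress */
};

/* Vulnerable walker: returns the number of records parsed, or -1 if the
 * iteration budget is exhausted (i.e. the real code would hang here).
 * BUG: a zero length byte leaves 'off' unchanged, so the loop never ends. */
int walk_records_vulnerable(const uint8_t *p, size_t len, unsigned budget)
{
    int count = 0;
    size_t off = 0;

    while (off < len) {
        uint8_t rec_len = p[off];
        off += rec_len;           /* rec_len == 0 -> infinite loop */
        count++;
        if (--budget == 0)
            return -1;            /* stand-in for "the decoder hung" */
    }
    return count;
}

/* Hardened walker: every iteration must make forward progress and must stay
 * inside the buffer; anything else is treated as a malformed packet and
 * parsing stops with -1 instead of looping. */
int walk_records_hardened(const uint8_t *p, size_t len)
{
    int count = 0;
    size_t off = 0;

    while (off < len) {
        uint8_t rec_len = p[off];
        if (rec_len == 0)
            return -1;            /* no progress possible: malformed */
        if (rec_len > len - off)
            return -1;            /* record overruns the buffer: malformed */
        off += rec_len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("vulnerable, good input : %d records\n",
           walk_records_vulnerable(SAMPLE_GOOD, sizeof(SAMPLE_GOOD), 1000));
    printf("vulnerable, bad input  : %d (budget exhausted = would hang)\n",
           walk_records_vulnerable(SAMPLE_BAD, sizeof(SAMPLE_BAD), 1000));
    printf("hardened, good input   : %d records\n",
           walk_records_hardened(SAMPLE_GOOD, sizeof(SAMPLE_GOOD)));
    printf("hardened, bad input    : %d (rejected as malformed)\n",
           walk_records_hardened(SAMPLE_BAD, sizeof(SAMPLE_BAD)));
    return 0;
}
```

The check to carry over to any length-driven decoder loop is the same one the hardened walker makes: before advancing, require that the step is non-zero and that it does not exceed the bytes remaining, and bail out of the packet otherwise. A sniffer that hangs on one crafted frame stops logging every frame that follows, which is the whole point of this class of attack.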
Steps to Reproduce:
I suspect that it's a duplicate of http://www.securityfocus.com/bid/13391/info/
but I'm not sure (maybe bug #13391's solution depends on this bug's solution).
Anyway, an exploit for this specific security bug is available:
Correction: when I wrote "#13391", I was referring to securityfocus' number of course.
Gentoo's bug number about that issue is 90539 ( http://bugs.gentoo.org/show_bug.cgi?id=90539 ). Sorry.
Patches are showing up in their CVS, see for example:
Given the scope of this (denying service to a packet logger), probably better to wait for their release.
It seems that Fedora released some updates that fix these problems. You might want to check http://secunia.com/advisories/15237/
Or in http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ check:
Ubuntu also released their fix. Netmon please provide an updated ebuild.
Created attachment 58223
This patch is based off Debian's 50_misc_dos.dpatch.
Marcelo/netmon please commit an updated ebuild. Security can handle stable marking if necessary.
tcpdump-3.8.3-r2.ebuild in CVS, ready for keywording
x86 and ppc stable.
Stable on hppa.
ppc64 is stable
Stable on alpha + ia64.
mips, arm: please remember to mark stable to benefit from the GLSA.
Later version already stable on mips.