Signature Detail
Short Name |
APP:ETHEREAL:TCPDUMP-ISAKMP-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
APP |
Keywords |
TCPDump ISAKMP Packet Parsing DoS |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: TCPDump ISAKMP Packet Parsing DoS
This signature detects attempts to exploit a known vulerability against TCPDump. TCPDump versions 3.6, 3.6.3, and 3.7.1 built against LIBPCAP versions .6 and .7 on both the Linux and FreeBSD platforms are vulnerable. Attackers can send a maliciously crafted packet to port UDP/500 that TCPDump attempts to parse as an ISAKMP packet, causing TCPDump to enter an infinite loop.
Extended Description
It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted.
Affected Products
- LBL tcpdump 3.5.2
- LBL tcpdump 3.6.2
- LBL tcpdump 3.7.0
- LBL tcpdump 3.7.1
- SuSE Linux 8.0.0
- SuSE Linux 8.1.0
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
References