Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:ETHEREAL:TCPDUMP-ISAKMP-DOS

Severity

 Minor

Recommended

 No

Category

 APP

Keywords

 TCPDump ISAKMP Packet Parsing DoS

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: TCPDump ISAKMP Packet Parsing DoS


This signature detects attempts to exploit a known vulerability against TCPDump. TCPDump versions 3.6, 3.6.3, and 3.7.1 built against LIBPCAP versions .6 and .7 on both the Linux and FreeBSD platforms are vulnerable. Attackers can send a maliciously crafted packet to port UDP/500 that TCPDump attempts to parse as an ISAKMP packet, causing TCPDump to enter an infinite loop.

Extended Description

It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted.

Affected Products

  • Lbl tcpdump 3.5.2
  • Lbl tcpdump 3.6.2
  • Lbl tcpdump 3.7.0
  • Lbl tcpdump 3.7.1
  • Suse linux 8.0.0
  • Suse linux 8.1.0
  • Suse linux_personal 8.2.0
  • Suse linux_personal 9.0.0
  • Suse linux_personal 9.0.0 X86 64

References

  • BugTraq: 6974
  • CVE: CVE-2003-0108
  • URL: http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/004004.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out