Intrusion Prevention

TCPDUMP.ISAKMP.Delete.Payload.DoS

Description

This indicates a possible attempt to exploit a denial-of-service vulnerability in TCPDUMP.
The vulnerability is due to the way ISAKMP Delete payloads are handled. A remote attacker may exploit this to cause a denial of service.

Affected Products

SGI ProPack 3.0
SGI ProPack 2.4
RedHat Linux 9.0 i386
RedHat Linux 7.3
LBL tcpdump 3.8.1
LBL tcpdump 3.7.2
LBL tcpdump 3.7.1
LBL tcpdump 3.7
LBL tcpdump 3.6.3
LBL tcpdump 3.6.2
LBL tcpdump 3.5.2
LBL tcpdump 3.5 alpha
LBL tcpdump 3.5
LBL tcpdump 3.4 a6
LBL tcpdump 3.4

Impact

Denial of service.

Recommended Actions

This is addressed in tcpdump 3.8.3.
The following advisories have been released concerning this issue:
Mandrake: MDKSA-2004:030
Trustix: 2004-0015
Debian: DSA 478-1
OpenPKG: SA-2004.010
Slackware: SSA:2004-108-01
RedHat: FEDORA-2004-120 for Fedora, RHSA-2004:219-07 for Red Hat Linux Enterprise platforms. Customers may use the Red Hat Update Agent (up2date) to apply the appropriate patches.
Turbolinux: TLSA-2004-16
SGI: 20040603-01-U for SGI ProPack 3, 20040602-01-U for SGI ProPack 2.4
The Fedora Legacy project: FLSA:1468

CVE References

CVE-2004-0183