• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability

Solution:
SuSE has released an advisory (SuSE-SA:2004:002), which contains fixes to address this issue. Further information about obtaining and applying fixes can be found in the advisory.

Conectiva have released an advisory (CLA-2003:629). Information about obtaining and applying fixes are available in the referenced advisory.

OpenPKG have released an advisory (OpenPKG-SA-2003.014). Information about obtaining and applying fixes are available in the referenced advisory.

MandrakeSoft has released an advisory. Information about obtaining and applying fixes are available in the referenced advisory.

Gentoo Linux has released an advisory. Users who have installed net-analyzer/tcpdump are advised to upgrade to tcpdump-3.7.2 by issuing the following commands:

emerge sync
emerge -u tcpdump
emerge clean

SuSE has released an advisory (SuSE-SA:2003:0015) which contains fixes. Further information about obtaining and applying fixes can be found in the advisory.

Red Hat has released a security advisory (RHSA-2003:032-01) that contains fixes addressing this and other tcpdump issues. Users are advised to upgrade as soon as possible.

OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.

The following fixes are available:


LBL tcpdump 3.5.2

• LBL tcpdump-3.7.2.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz

LBL tcpdump 3.6.2

• Debian tcpdump_3.6.2-2.3_alpha.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_alpha.deb


• Debian tcpdump_3.6.2-2.3_arm.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_arm.deb


• Debian tcpdump_3.6.2-2.3_hppa.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_hppa.deb


• Debian tcpdump_3.6.2-2.3_i386.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_i386.deb


• Debian tcpdump_3.6.2-2.3_ia64.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_ia64.deb


• Debian tcpdump_3.6.2-2.3_m68k.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_m68k.deb


• Debian tcpdump_3.6.2-2.3_mips.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_mips.deb


• Debian tcpdump_3.6.2-2.3_mipsel.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_mipsel.deb


• Debian tcpdump_3.6.2-2.3_powerpc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_powerpc.deb


• Debian tcpdump_3.6.2-2.3_s390.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_s390.deb


• Debian tcpdump_3.6.2-2.3_sparc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .3_sparc.deb


• LBL tcpdump-3.7.2.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz


• Red Hat arpwatch-2.1a11-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/arpwatch-2.1a11-17.7.1.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/arpwatch-2.1a11-17.7.2.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/arpwatch-2.1a11-17.7.2.2.ia64. rpm


• Red Hat arpwatch-2.1a11-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/arpwatch-2.1a11-17.7.3.2.i386. rpm


• Red Hat arpwatch-2.1a11-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/arpwatch-2.1a11-17.8.0.2.i386. rpm


• Red Hat libpcap-0.6.2-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/libpcap-0.6.2-17.7.1.2.i386.rp m


• Red Hat libpcap-0.6.2-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/libpcap-0.6.2-17.7.2.2.i386.rp m


• Red Hat libpcap-0.6.2-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/libpcap-0.6.2-17.7.2.2.ia64.rp m


• Red Hat libpcap-0.6.2-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/libpcap-0.6.2-17.7.3.2.i386.rp m


• Red Hat libpcap-0.6.2-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/libpcap-0.6.2-17.8.0.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.1.2.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/tcpdump-3.6.3-17.7.1.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.2.2.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/tcpdump-3.6.3-17.7.2.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.7.2.2.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/tcpdump-3.6.3-17.7.2.2.ia64.rp m


• Red Hat tcpdump-3.6.3-17.7.3.2.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/tcpdump-3.6.3-17.7.3.2.i386.rp m


• Red Hat tcpdump-3.6.3-17.8.0.2.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/tcpdump-3.6.3-17.8.0.2.i386.rp m


• SuSE tcpdump-3.6.2-322.i386.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-322.i386. patch.rpm


• SuSE tcpdump-3.6.2-207.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/tcpdump-3.6.2-207.ppc.rp m


• SuSE tcpdump-3.6.2-321.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/tcpdump-3.6.2-321.i386. rpm


• SuSE tcpdump-3.6.2-322.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-322.i386. rpm


• SuSE tcpdump-3.6.2-65.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/tcpdump-3.6.2-65.sparc .rpm

LBL tcpdump 3.7

• LBL tcpdump-3.7.2.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz

LBL tcpdump 3.7.1

• LBL tcpdump-3.7.2.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz


• OpenPKG tcpdump-3.7.1-1.2.1.src.rpm
  ftp://ftp.openpkg.org/release/1.2/UPD/tcpdump-3.7.1-1.2.1.src.rpm


• SuSE tcpdump-3.7.1-198.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/tcpdump-3.7.1-198 .i586.patch.rpm


• SuSE tcpdump-3.7.1-198.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/tcpdump-3.7.1-198 .i586.rpm

S.u.S.E. Linux 8.0

• S.u.S.E. tcpdump-3.6.2-330.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/tcpdump-3.6.2-330.i386. rpm

S.u.S.E. Linux 8.1

• S.u.S.E. tcpdump-3.7.1-341.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/tcpdump-3.7.1-341 .i586.rpm

S.u.S.E. Linux Personal 8.2

• S.u.S.E. tcpdump-3.7.1-341.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/tcpdump-3.7.1-341 .i586.rpm

S.u.S.E. Linux Personal 9.0

• S.u.S.E. tcpdump-3.7.2-72.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/tcpdump-3.7.2-72. i586.rpm

S.u.S.E. Linux Personal 9.0 x86_64

• S.u.S.E. tcpdump-3.7.2-68.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/tcpdump-3.7.2 -68.x86_64.rpm