IKE: TCP Hump

This protocol anomaly is a malformed packet designed to exploit a vulnerability in the ISAKMP parsing routines of the tcpdump program. Attackers can send maliciously crafted packets on the network to remotely execute arbitrary code with the privileges of the tcpdump process, causing a denial of service (DoS).

Extended Description

It has been reported that tcpdump may be prone to multiple remote buffer overflow vulnerabilities that may allow an attacker to gain unauthorized access to a system. It has been reported that a remote attacker may be able to cause a buffer overrun condition by sending specially crafted packets to a vulnerable system. Immediate consequences of a successful attack may cause a denial of service condition in the software. The attacker may also be able to execute arbitrary code on a vulnerable system as the 'pcap' user. Some of the issues are reported to affect tcpdump versions prior to 3.8.1 and others reportedly affect all versions up to and including tcpdump 3.8.1. This vulnerability record will be divided into multiple Bugtraq IDs when analysis of the individual issues is complete.

Affected Products

Lbl tcpdump

References

BugTraq: 9423

CVE: CVE-2004-0057

URL: http://downloads.securityfocus.com/vulnerabilities/exploits/ST-tcphump.c http://www.kb.cert.org/vuls/id/174086

Short Name

IKE:DOS:TCP-HUMP

Severity

Major

Recommended

False

Recommended Action

None

IKE: TCP Hump

Extended Description

Affected Products

References

Found a potential security threat?