Vulnerability Note VU#174086

tcpdump contains vulnerability in ISAKMP decoding function rawprint() in print-isakmp.c

Original Release date: 16 Jan 2004 | Last revised: 22 Jan 2004


tcpdump contains a vulnerability in the way it parses Internet Security Association and Key Management Protocol (ISAKMP) packets.


tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way the tcpdump rawprint() function (in print-isakmp.c) parses certain malformed ISAKMP packets containing an invalid "len" or "loc" value. For more information, please see RHSA-2004-007.


A remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the tcpdump process.


Upgrade or Apply Patch

Upgrade or apply a patch as specified by your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected16 Jan 200421 Jan 2004
Guardian Digital Inc. Affected-21 Jan 2004
OpenPKGAffected-21 Jan 2004
Red Hat Inc.Affected16 Jan 200421 Jan 2004
SuSE Inc.Affected16 Jan 200421 Jan 2004
tcpdump.orgAffected-21 Jan 2004
TrusixAffected-21 Jan 2004
TurboLinuxAffected16 Jan 200422 Jan 2004
HitachiNot Affected16 Jan 200422 Jan 2004
Openwall GNU/*/LinuxNot Affected16 Jan 200421 Jan 2004
Apple Computer Inc.Unknown-21 Jan 2004
ConectivaUnknown-21 Jan 2004
Cray Inc.Unknown-21 Jan 2004
EMC CorporationUnknown16 Jan 200421 Jan 2004
FreeBSDUnknown-21 Jan 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was originally reported by Red Hat, Inc. Red Hat, in turn, credits Jonathan Heusser for discovering this vulnerability.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0057
  • Date Public: 14 Jan 2004
  • Date First Published: 16 Jan 2004
  • Date Last Updated: 22 Jan 2004
  • Severity Metric: 2.95
  • Document Revision: 11


If you have feedback, comments, or additional information about this vulnerability, please send us email.