Vulnerability Note VU#738518
tcpdump contains vulnerability in ISAKMP decoding routine
tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol (ISAKMP) packets.
tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially crafted ISAKMP packets.
A remote attacker could cause tcpdump to enter an infinite loop or possibly execute arbitrary code with privileges of the tcpdump process.
If you are a vendor and your product is affected, let
us know.View More »
Upgrade or Apply Patch
Upgrade or apply a patch as specified by your vendor.
This vulnerability was originally reported by Red Hat, Inc. Red Hat, in turn, credits George Bakos for discovering this vulnerability.
This document was written by Damon Morda.
14 Jan 2004
Date First Published:
16 Jan 2004
Date Last Updated:
22 Jan 2004
If you have feedback, comments, or additional information about this vulnerability, please send us email.