tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially crafted ISAKMP packets.
A remote attacker could cause tcpdump to enter an infinite loop or possibly execute arbitrary code with privileges of the tcpdump process.
Upgrade or Apply Patch
Guardian Digital Inc. Affected
Red Hat Inc. Affected
SuSE Inc. Affected
Hitachi Not Affected
Openwall GNU/*/Linux Not Affected
Apple Computer Inc. Unknown
Cray Inc. Unknown
EMC Corporation Unknown
Hewlett-Packard Company Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
NEC Corporation Unknown
Sun Microsystems Inc. Unknown
Wind River Systems Inc. Unknown
This vulnerability was originally reported by Red Hat, Inc. Red Hat, in turn, credits George Bakos for discovering this vulnerability.
This document was written by Damon Morda.
|Date First Published:||2004-01-16|
|Date Last Updated:||2004-01-22 17:57 UTC|