Vulnerability Note VU#738518

tcpdump contains vulnerability in ISAKMP decoding routine

Original Release date: 16 Jan 2004 | Last revised: 22 Jan 2004


tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol (ISAKMP) packets.


tcpdump is a widely used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially crafted ISAKMP packets.


A remote attacker could cause tcpdump to enter an infinite loop or possibly execute arbitrary code with the privileges of the tcpdump process.
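
This note gives no detail on the flaw itself. As an added example (not code from tcpdump or from this note), the C function below shows the checks a decoder of the ISAKMP payload chain (generic payload header as laid out in RFC 2408) needs so that a crafted length field can neither stall the loop nor push reads past the captured bytes. The function name, the status codes and the 64-payload cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN 28   /* fixed ISAKMP header, RFC 2408 section 3.1 */
#define GENERIC_HDR_LEN 4   /* generic payload header, RFC 2408 section 3.2 */
#define MAX_PAYLOADS 64     /* assumed cap on chain length for this example */
enum walk_status { WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2, WALK_TOO_MANY = -3 };

/* Hypothetical helper: walk the payload chain of a captured ISAKMP message.
 * Returns the payload count, or a negative walk_status on malformed input.
 * caplen is the number of bytes actually captured, not the claimed length. */
int isakmp_walk_payloads(const uint8_t *pkt, size_t caplen)
{
    if (pkt == NULL || caplen < ISAKMP_HDR_LEN)
        return WALK_TRUNCATED;
    uint8_t next = pkt[16];            /* "next payload" field of the header */
    size_t off = ISAKMP_HDR_LEN;       /* invariant: off <= caplen */
    int count = 0;
    while (next != 0) {                /* type 0 ends the chain */
        if (count >= MAX_PAYLOADS)
            return WALK_TOO_MANY;
        if (caplen - off < GENERIC_HDR_LEN)
            return WALK_TRUNCATED;     /* payload header not fully captured */
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        /* A length below the header size (0 included) would not advance off. */
        if (plen < GENERIC_HDR_LEN)
            return WALK_BAD_LENGTH;
        if (plen > caplen - off)
            return WALK_TRUNCATED;     /* body runs past the captured bytes */
        next = pkt[off];
        off += plen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: one payload whose length field is 0. */
    uint8_t pkt[32] = { [16] = 1, [28] = 1 };
    printf("%d\n", isakmp_walk_payloads(pkt, sizeof pkt));
    return 0;
}
```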


Upgrade or Apply Patch

Upgrade or apply a patch as specified by your vendor.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Debian | Affected | 16 Jan 2004 | 20 Jan 2004
Guardian Digital Inc. | Affected | 16 Jan 2004 | 20 Jan 2004
OpenPKG | Affected | - | 21 Jan 2004
Red Hat Inc. | Affected | 16 Jan 2004 | 21 Jan 2004
SuSE Inc. | Affected | 16 Jan 2004 | 20 Jan 2004
tcpdump.org | Affected | - | 16 Jan 2004
Trustix | Affected | - | 20 Jan 2004
TurboLinux | Affected | 16 Jan 2004 | 22 Jan 2004
Hitachi | Not Affected | 16 Jan 2004 | 22 Jan 2004
Openwall GNU/*/Linux | Not Affected | - | 20 Jan 2004
Apple Computer Inc. | Unknown | - | 20 Jan 2004
Conectiva | Unknown | - | 20 Jan 2004
Cray Inc. | Unknown | - | 20 Jan 2004
EMC Corporation | Unknown | - | 20 Jan 2004
FreeBSD | Unknown | - | 20 Jan 2004

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A



This vulnerability was originally reported by Red Hat, Inc. Red Hat, in turn, credits George Bakos for discovering this vulnerability.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2003-0989
  • Date Public: 14 Jan 2004
  • Date First Published: 16 Jan 2004
  • Date Last Updated: 22 Jan 2004
  • Severity Metric: 2.95
  • Document Revision: 30

