• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability

Solution:
Gentoo Linux has released an advisory (GLSA 200404-03) and updates to address this issue. Gentoo advises users to upgrade to the latest available version, it is advised that the net-libs/libpcap package should also be upgraded. This can be accomplished by issuing the following series of commands:
#emerge sync
#emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
#emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"

Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.

SuSE has released an advisory SuSE-SA:2004:002 to address this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:007 to address this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:008 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA-425-1 to address this issue. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:

SCO has released advisory CSSA-2004-008.0 to address this issue.

RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.


RedHat Fedora Core1

• Fedora arpwatch-2.1a11-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /arpwatch-2.1a11-7.fc1.1.i386.rpm


• Fedora libpcap-0.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /libpcap-0.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /tcpdump-3.7.2-7.fc1.1.i386.rpm


• Fedora tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm

Apple Mac OS X 10.2.8

• Apple SecUpd2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120277

Apple Mac OS X Server 10.2.8

• Apple SecUpdSrvr2004-02-23Jag.dmg
  http://www.info.apple.com/kbnum/n120322

Apple Mac OS X 10.3.2

• Apple SecUpd2004-02-23Pan.dmg
  http://www.info.apple.com/kbnum/n120323

Apple Mac OS X Server 10.3.2

• Apple SecUpdSrvr2004-02-23Pan.dmg
  http://www.info.apple.com/kbnum/n120324

SGI ProPack 2.3

• SGI patch10043.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

SGI ProPack 2.4

• SGI patch10044.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz

LBL tcpdump 3.6.2

• Debian tcpdump_3.6.2-2.4_mipsel.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .4_mipsel.deb


• Debian tcpdump_3.6.2-2.7_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_alpha.deb


• Debian tcpdump_3.6.2-2.7_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_arm.deb


• Debian tcpdump_3.6.2-2.7_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_hppa.deb


• Debian tcpdump_3.6.2-2.7_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_i386.deb


• Debian tcpdump_3.6.2-2.7_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_ia64.deb


• Debian tcpdump_3.6.2-2.7_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_m68k.deb


• Debian tcpdump_3.6.2-2.7_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_mips.deb


• Debian tcpdump_3.6.2-2.7_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_powerpc.deb


• Debian tcpdump_3.6.2-2.7_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_s390.deb


• Debian tcpdump_3.6.2-2.7_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2 .7_sparc.deb


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-008.0/R PMS/tcpdump-3.8.1-1.i386.rpm


• SCO tcpdump-3.8.1-1.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-00 8.0/RPMS/tcpdump-3.8.1-1.i386.rpm

LBL tcpdump 3.7.1

• Conectiva tcpdump-3.7.1-351.i586.rpm
  ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/tcpdump-3.7.1-351.i586 .rpm

LBL tcpdump 3.7.2

• Mandrake tcpdump-3.7.2-2.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake tcpdump-3.7.2-2.1.M82mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2
  http://www.mandrakesecure.net/en/ftp.php