Bug 152695 - tcpdump ISAKMP Packet Decoding Vulnerability
Summary: tcpdump ISAKMP Packet Decoding Vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.rapid7.com/advisories/R7-0...
Whiteboard: LEGACY, rh73, rh90
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-08 14:45 UTC by John Dalbec
Modified: 2014-01-21 22:51 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-05 22:55:42 UTC
Embargoed:

Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:24:18 UTC 
04.14.22 CVE: CAN-2004-0183
Platform: Cross Platform
Title: tcpdump ISAKMP Packet Decoding Vulnerability
Description: tcpdump 3.8.2 and previous have been identified as having
packet decoding runtime overflow for ISAKMP packets. A hostile remote
user could crash a running instance of tcpdump or execute arbitrary
code. tcpdump 3.8.3 has been released to correct the problem.
Ref: http://www.rapid7.com/advisories/R7-0017.html



------- Additional Comments From jkeating 2004-05-18 18:39:23 ----

Seems that RH never put out an update for this for RHL9.  Was one issued for
Fedora Legacy?



------- Additional Comments From marcdeslauriers 2004-05-27 14:54:54 ----

Advisories and updates were issued for FC1:
http://fedoranews.org/updates/FEDORA-2004-092.shtml

...and RHEL:
https://rhn.redhat.com/errata/RHSA-2004-219.html




------- Additional Comments From marcdeslauriers 2004-05-27 16:02:24 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are packages for 9:

9ecef14f1df970a085c9c5e94104fb198e0cd533  arpwatch-2.1a11-7.9.2.legacy.i386.rpm
fde35cbf18923460869e139a9d4a4b11b1f5b795  libpcap-0.7.2-7.9.2.legacy.i386.rpm
e7ceffa1bf803ed0f39c87ba0d37a97f4966cbc3  tcpdump-3.7.2-7.9.2.legacy.i386.rpm
f4a5ca70c2f1f3ee004df19b9fd82669cee3d5ef  tcpdump-3.7.2-7.9.2.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/arpwatch-2.1a11-7.9.2.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/libpcap-0.7.2-7.9.2.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/tcpdump-3.7.2-7.9.2.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/tcpdump-3.7.2-7.9.2.legacy.src.rpm

Here are packages for 8.0:

f55679028e5f7ce0c2f7898e85cefc0df122777b  arpwatch-2.1a11-17.8.0.6.legacy.i386.rpm
c6f21f58d91aff19f7759af8a64eae18abcc20c2  libpcap-0.6.2-17.8.0.6.legacy.i386.rpm
6c2c16709e9172af493856e07fdabcfa84e22e86  tcpdump-3.6.3-17.8.0.6.legacy.i386.rpm
397f2b324f0f0352910bb1606a2f72830b7e09a4  tcpdump-3.6.3-17.8.0.6.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/8.0/arpwatch-2.1a11-17.8.0.6.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/8.0/libpcap-0.6.2-17.8.0.6.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/8.0/tcpdump-3.6.3-17.8.0.6.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/8.0/tcpdump-3.6.3-17.8.0.6.legacy.src.rpm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAtp2ZLMAs/0C4zNoRAkrKAJwItrTkjuVK+eJDX742A9bvcLUWhACbBnDE
rhdym303OV6JOsgMhnKR69Q=
=6jm4
-----END PGP SIGNATURE-----



------- Additional Comments From marcdeslauriers 2004-05-29 15:47:40 ----

I've made 7.3 packages too. As soon as my website comes back up, I'll post them
here.



------- Additional Comments From marcdeslauriers 2004-05-31 16:24:00 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are packages for 7.3:

248f5fc66612c281c7676e40215aec5b394ca761  arpwatch-2.1a11-17.7.3.5.legacy.i386.rpm
400f5fcfcd0ef2705f71ad0d7c4ecf205567f451  libpcap-0.6.2-17.7.3.5.legacy.i386.rpm
b83bf3acbf6734dc8cf1013770c39f82bf0445ef  tcpdump-3.6.3-17.7.3.5.legacy.i386.rpm
d224edbf3765897bf248ee7b07292604ff25e0f7  tcpdump-3.6.3-17.7.3.5.legacy.src.rpm

http://www.infostrategique.com/linuxrpms/legacy/7.3/arpwatch-2.1a11-17.7.3.5.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/libpcap-0.6.2-17.7.3.5.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/tcpdump-3.6.3-17.7.3.5.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/7.3/tcpdump-3.6.3-17.7.3.5.legacy.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAu+izLMAs/0C4zNoRArB/AKCCVZjM9cOUeaZAIpkHWVcN3RmGqACeLX61
B+gy2tvw6aeBExqEpCw9j4k=
=siJO
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-06-02 15:06:32 ----

*** Bug 1627 has been marked as a duplicate of this bug. ***



------- Additional Comments From jonny.strom 2004-06-05 03:19:26 ----

I did a QA of the rh 9 pacakges:

SHA1 is ok.
Installs ok.
I did a functionally testing and tcpdump works as expected.

I wote for publish.








------- Additional Comments From marcdeslauriers 2004-06-08 02:09:29 ----

*** Bug 1728 has been marked as a duplicate of this bug. ***



------- Additional Comments From jkeating 2004-06-10 18:47:28 ----

Pushed to updates-testing

  http://download.fedoralegacy.org/redhat/

3c236622c2f0815b257eb6df89470875844ab051
7.3/updates-testing/SRPMS/tcpdump-3.6.3-17.7.3.6.legacy.src.rpm
1d7866f944b95a9350098803c1be9a9439ef9de1
7.3/updates-testing/i386/arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm
827884c667461dcd1624b666d29d83e50e4611cc
7.3/updates-testing/i386/libpcap-0.6.2-17.7.3.6.legacy.i386.rpm
2e77a8344ce68a80fe484fae4e9e371b92dc25c2
7.3/updates-testing/i386/tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm

2a63dfe8422c135d41ec0655d1957b2ac6e348a2
9/updates-testing/SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.rpm
e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa
9/updates-testing/i386/arpwatch-2.1a11-7.9.3.legacy.i386.rpm
3e7aad82c73a3250828b05e1308eb63a43c0d35e
9/updates-testing/i386/libpcap-0.7.2-7.9.3.legacy.i386.rpm
39b28a5fc7bda074426736cfdbc6a2186979daa2
9/updates-testing/i386/tcpdump-3.7.2-7.9.3.legacy.i386.rpm



------- Additional Comments From jpdalbec 2004-07-09 04:47:19 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

++VERIFY RH 7.3

65993a7f1975a0bcf8b25c85aa86e02de5c2ec24  arpwatch-2.1a11-17.7.1.2.i386.rpm
a410c821a4d0f8c8c2ed787cc05a118af73f2bd2  libpcap-0.6.2-11.7.1.0.i386.rpm
d8e3c6b922b7fb055829153c574f498da42023b1  tcpdump-3.6.3-17.7.1.3.i386.rpm

I've installed these packages on 4 production (mostly e-mail) servers.
Tcpdump seems to capture production traffic (POP, IMAP, SMTP, HTTP, NFS)
just fine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA7q/QJL4A+ldA7asRAhKLAKCXR2v7qY//2305Ag4HjQ1nd7+srgCgkuVG
2DPxmceTqyOpmHAWe6/eanc=
=MDsW
-----END PGP SIGNATURE-----




------- Additional Comments From simon 2004-09-08 02:22:16 ----

-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 
 
++VERIFY 
 
1d7866f944b95a9350098803c1be9a9439ef9de1 
7.3/updates-testing/i386/arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm 
827884c667461dcd1624b666d29d83e50e4611cc 
7.3/updates-testing/i386/libpcap-0.6.2-17.7.3.6.legacy.i386.rpm 
2e77a8344ce68a80fe484fae4e9e371b92dc25c2 
7.3/updates-testing/i386/tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm 
 
Packages tested on 7.3 and appear to work fine. 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1.2.4 (GNU/Linux) 
 
iD8DBQFBPvkQMLOCzgCQslsRAjLkAJ402qJktnAcjJEoCXGmayOrQPqAZQCcDKcG 
NGyN2Hz7pFp6FQO4opVpD6Q= 
=C8tm 
-----END PGP SIGNATURE----- 



------- Additional Comments From dom 2004-09-08 13:17:52 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa  i386/arpwatch-2.1a11-7.9.3.legacy.i386
.rpm
39b28a5fc7bda074426736cfdbc6a2186979daa2  i386/tcpdump-3.7.2-7.9.3.legacy.i386.r
pm
3e7aad82c73a3250828b05e1308eb63a43c0d35e  i386/libpcap-0.7.2-7.9.3.legacy.i386.r
pm
2a63dfe8422c135d41ec0655d1957b2ac6e348a2  SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.r
pm

for RH9:
- - installs
- - runs (for lipcap, ethereal runs)
- - builds from source

++VERIFY

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFBP5LkYzuFKFF44qURAveTAJY9AO5PK0BoedphlZmIBOJMJh+IAKDHF0I4
CU0KcQ7vXFD0stC5BnCqwA==
=apJZ
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-09-08 13:18:48 ----

Grr. Second try.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

e2e2cd142b0a4a50ab3b66a665d52e35fbe103aa  i386/arpwatch-2.1a11-7.9.3.legacy.i386.rpm
39b28a5fc7bda074426736cfdbc6a2186979daa2  i386/tcpdump-3.7.2-7.9.3.legacy.i386.rpm
3e7aad82c73a3250828b05e1308eb63a43c0d35e  i386/libpcap-0.7.2-7.9.3.legacy.i386.rpm
2a63dfe8422c135d41ec0655d1957b2ac6e348a2  SRPMS/tcpdump-3.7.2-7.9.3.legacy.src.rpm

for RH9:
- - installs
- - runs (for lipcap, ethereal runs)
- - builds from source

++VERIFY

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFBP5LkYzuFKFF44qURAveTAJY9AO5PK0BoedphlZmIBOJMJh+IAKDHF0I4
CU0KcQ7vXFD0stC5BnCqwA==
=apJZ
-----END PGP SIGNATURE-----




------- Additional Comments From dom 2004-09-27 15:01:27 ----

http://www-astro.physics.ox.ac.uk/~dom/legacy/advisories/1468-tcpdump-draft.txt



------- Bug moved to this database by dkl 2005-03-30 18:24 -------

This bug previously known as bug 1468 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1468
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Note You need to log in before you can comment on or make changes to this bug.