The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

Multiple vulnerabilities were discovered in tcpdump, a tool for inspecting network traffic. If a vulnerable version of tcpdump attempted to examine a maliciously constructed packet, a number of buffer overflows could be exploited to crash tcpdump, or potentially execute arbitrary code with the privileges of the tcpdump process.

  - CAN-2003-1029 - infinite loop and memory consumption in     processing L2TP packets
  - CAN-2003-0989, CAN-2004-0057 - infinite loops in     processing ISAKMP packets

  - CAN-2004-0055 - segmentation fault caused by a RADIUS     attribute with a large length value

A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include :

An infinite loop and memory consumption processing L2TP packets (CVE-2003-1029).

Infinite loops in processing ISAKMP packets (CVE-2003-0989, CVE-2004-0057).

A segmentation fault caused by a RADIUS attribute with a large length value (CVE-2004-0055).

The updated packages are patched to correct these problem.

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing.

Tcpdump is a command-line tool for monitoring network traffic.

George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue.

Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue.

Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue.

Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these pakets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user.

Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing.

[Updated 15 Jan 2004] Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names.

Tcpdump is a command-line tool for monitoring network traffic.

George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue.

Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue.

Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue.

Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these pakets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user.

Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.

ID	Name	Product	Family	Severity
15262	Debian DSA-425-1 : tcpdump - multiple vulnerabilities	Nessus	Debian Local Security Checks	high
14108	Mandrake Linux Security Advisory : tcpdump (MDKSA-2004:008)	Nessus	Mandriva Local Security Checks	high
13683	Fedora Core 1 : tcpdump-3.7.2-8.fc1.1 (2004-092)	Nessus	Fedora Local Security Checks	high
13682	Fedora Core 1 : tcpdump-3.7.2-7.fc1.1 (2004-090)	Nessus	Fedora Local Security Checks	high
12448	RHEL 2.1 / 3 : tcpdump (RHSA-2004:008)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2004-0055

high

Tenable Plugins

high

high

high

high

high