(SCO Issues Fix for UnixWare) Tcpdump Can Be Crashed By a Remote User Sending a Malicious ISAKMP Packet
|
|
SecurityTracker Alert ID: 1010805 |
|
SecurityTracker URL: http://securitytracker.com/id/1010805
|
|
CVE Reference:
CAN-2003-0989, CAN-2004-0057
|
Date: Jul 29 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 3.8.1 and prior versions
|
Description:
Several vulnerabilities were reported in tcpdump in the processing of ISAKMP packets. A remote user can cause tcpdump to crash or to enter an infinite loop.
It is reported that the rawprint() function in print-isakmp.c fails to validate its input arguments [CVE: CAN-2004-0057]. A remote user can send a specially crafted ISAKMP packet to cause the tcpdump process to crash. Red Hat credits Jonathan Heusser with discovering this flaw. Version 3.8.1 and prior versions are affected.
It is also reported that versions prior to 3.8.1 contain flaws that allow a remote user to force tcpdump to enter an infinite loop [CVE: CAN-2003-0989]. According to Red Hat, George Bakos discovered these flaws.
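Both flaw classes named above (a print routine handed an unvalidated length, and a decode loop that never terminates) are avoided by checking every length field against the captured byte count before it is used. The C code below is an added example, not tcpdump's code or the vendor's patch, and it does not reproduce the exact flaws, which this alert does not detail; the header layout follows RFC 2408, and the function name `walk_isakmp_payloads` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout per RFC 2408: 28-byte ISAKMP header (first payload type at offset
 * 16), then payloads that each start with a 4-byte generic header:
 * next payload (1), reserved (1), length (2, big-endian, header included). */
#define ISAKMP_HDR_LEN  28
#define GENERIC_HDR_LEN 4
enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2 };

/* Walk the payload chain in buf[0..caplen), where caplen is the number of
 * bytes actually captured. On WALK_OK, *count is the payloads visited. */
int walk_isakmp_payloads(const uint8_t *buf, size_t caplen, unsigned *count)
{
    size_t off = ISAKMP_HDR_LEN;
    uint8_t next;
    *count = 0;
    if (buf == NULL || caplen < ISAKMP_HDR_LEN)
        return WALK_TRUNCATED;
    next = buf[16];                          /* 0 means no payload follows */
    while (next != 0) {
        size_t plen;
        if (caplen - off < GENERIC_HDR_LEN)  /* header not fully captured */
            return WALK_TRUNCATED;
        plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < GENERIC_HDR_LEN)          /* 0 would never advance off */
            return WALK_BAD_LENGTH;
        if (plen > caplen - off)             /* body runs past the capture */
            return WALK_TRUNCATED;
        next = buf[off];
        off += plen;
        (*count)++;
    }
    return WALK_OK;
}

int main(void)
{
    /* Constructed sample: zeroed header plus one 8-byte payload. */
    uint8_t pkt[ISAKMP_HDR_LEN + 8] = {0};
    unsigned n;
    pkt[16] = 1;                             /* first payload type (SA) */
    pkt[ISAKMP_HDR_LEN + 3] = 8;             /* payload length = 8 */
    printf("valid: %d\n", walk_isakmp_payloads(pkt, sizeof pkt, &n));
    pkt[ISAKMP_HDR_LEN + 3] = 0;             /* length 0: must be rejected */
    printf("zero length: %d\n", walk_isakmp_payloads(pkt, sizeof pkt, &n));
    return 0;
}
```

Because `off` only advances by a length already shown to be at least 4 and no larger than the remaining capture, the loop is guaranteed to terminate and never reads past `caplen`.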
|
Impact:
A remote user can cause the tcpdump process to crash or to enter an endless loop.
|
Solution:
SCO has issued a fix for UnixWare 7.1.3, available at:
ftp://ftp.sco.com/pub/unixware7/713/uw713up/
4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
|
Vendor URL: cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-isakmp.c
|
Cause:
Boundary error, Input validation error, State error
|
Underlying OS:
UNIX (Open UNIX-SCO)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 28 Jul 2004 13:55:25 -0700 (PDT)
Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
Advisory number: SCOSA-2004.9
Issue date: 2004 July 28
Cross reference: sr889195 fz528784 erg712544
CAN-2004-0055 CAN-2004-0057 CAN-2003-0989
CERT Vulnerability Note VU#955526
CERT Vulnerability Note VU#174086
CERT Vulnerability Note VU#738518
______________________________________________________________________________
1. Problem Description
tcpdump is a widely-used network sniffer.
The issues with tcpdump are present only on UnixWare 7.1.3up and
not on previous versions of UnixWare 7.1.3 or earlier including
Open Unix 8.0.0, because the version of tcpdump in UnixWare 7.1.3
and before is 3.4a5 and it doesn't contain these issues.
Remote attackers could potentially exploit these
vulnerabilities by sending carefully-crafted network packets
to a victim. If the victim is running tcpdump, these packets
could result in a denial of service, or possibly execute
arbitrary code.
Jonathan Heusser discovered a flaw in the print_attr_string
function in the RADIUS decoding routines for tcpdump 3.8.1
and earlier. The CERT Coordination Center has assigned the
following Vulnerability Note VU#955526. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following name CAN-2004-0055 to this issue.
Jonathan Heusser discovered an additional flaw in the ISAKMP
decoding routines for tcpdump 3.8.1 and earlier. The CERT
Coordination Center has assigned the following Vulnerability
Note VU#174086. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the following name
CAN-2004-0057 to this issue.
George Bakos discovered flaws in the ISAKMP decoding routines
of tcpdump versions prior to 3.8.1. The CERT Coordination
Center has assigned the following Vulnerability Note
VU#738518. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the following name CAN-2003-0989
to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3up /usr/sbin/tcpdump
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3up
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/unixware7/713/uw713up/
4.2 Verification
4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Please refer to the release notes for installation instructions
that are located in the same directory as the fixed binaries.
relnotes-up4.html
relnotes-up4.txt
relnotes-up4.pdf
relnotes-scox-wss.txt
relnotes-scox-wss.html
relnotes-udk.txt
relnotes-udk.html
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
http://www.kb.cert.org/vuls/id/174086
http://www.kb.cert.org/vuls/id/738518
http://www.kb.cert.org/vuls/id/955526
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr889195 fz528784
erg712544.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this web site and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio
jGTwdQn9Sw5fyrf7BC/7e2g=
=2Spz
-----END PGP SIGNATURE-----
|
|