[MBT] new ticket for pkg tcpdump "Multiple security advisories (DoS)"

Wed Jan 28 17:10:46 CET 2004

Date: 2004-01-28 17:10:45+01	Author:  (kreutzm) <kreutzm at itp.uni-hannover.de> 
Title:         Multiple security advisories (DoS)
Ticket ID:     #822
Ticket URL:    http://bugs.pld-linux.org/?bug=822
Package:       tcpdump-1:3.7.1-2
Distribution:  PLD-1.0.updates.general
Category:      unknown
Current state: opened
Text:

First CAN 2003-0989
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CAN-2004-0057.

Secondly CAN-2004-0057:
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CAN-2003-0989.

P.S. Our version is 3.7.2-1