tcpdump RSVP Decoding Routines Denial Of Service Vulnerability

Bugtraq ID:	13390
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2005-1280
Remote:	Yes
Local:	No
Published:	Apr 26 2005 12:00AM
Updated:	Jun 23 2009 07:19PM
Credit:	Discovery of this issue is credited to Vade 79 <[email protected]>.
Vulnerable:	Turbolinux Turbolinux Server 10.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Enterprise Linux 2.0 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SGI ProPack 3.0 SCO Unixware 7.1.4 SCO Unixware 7.1.3 up SCO Unixware 7.1.3 SCO Open Server 6.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 NetBSD NetBSD Current NetBSD NetBSD 4.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 Mandriva Linux Mandrake 10.1 x86_64 Mandriva Linux Mandrake 10.1 Mandriva Linux Mandrake 10.0 AMD64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LBL tcpdump 3.9.1 LBL tcpdump 3.9 LBL tcpdump 3.8.3 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Turbolinux Appliance Server 1.0 Workgroup Edition + Turbolinux Appliance Server 1.0 Hosting Edition + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Home + Turbolinux Turbolinux 10 F... + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LBL tcpdump 3.8.2 LBL tcpdump 3.8.1 + Mandriva Linux Mandrake 10.0 LBL tcpdump 3.7.2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Turbolinux Turbolinux Advanced Server 6.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Server 6.5 + Turbolinux Turbolinux Server 6.1 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 + Turbolinux Turbolinux Workstation 6.1 + Turbolinux Turbolinux Workstation 6.0 LBL tcpdump 3.7.1 + FreeBSD FreeBSD 4.7 -RELEASE + FreeBSD FreeBSD 4.7 + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + SuSE Linux 8.1 LBL tcpdump 3.7 + FreeBSD FreeBSD 4.6 -RELEASE + FreeBSD FreeBSD 4.6 + FreeBSD FreeBSD 4.5 -STABLE + FreeBSD FreeBSD 4.5 -RELEASE + FreeBSD FreeBSD 4.5 + FreeBSD FreeBSD 4.4 -STABLE + FreeBSD FreeBSD 4.4 -RELENG + FreeBSD FreeBSD 4.4 + FreeBSD FreeBSD 4.3 -STABLE + FreeBSD FreeBSD 4.3 -RELENG + FreeBSD FreeBSD 4.3 -RELEASE + FreeBSD FreeBSD 4.3 + FreeBSD FreeBSD 4.2 -STABLE + FreeBSD FreeBSD 4.2 -RELEASE + FreeBSD FreeBSD 4.2 LBL tcpdump 3.6.3 LBL tcpdump 3.6.2 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + FreeBSD FreeBSD 4.3 + FreeBSD FreeBSD 4.2 + FreeBSD FreeBSD 4.1.1 + FreeBSD FreeBSD 4.1 + FreeBSD FreeBSD 4.0 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 8.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Redhat Linux 7.2 ia64 + Redhat Linux 7.2 i386 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha + SuSE Linux 8.0 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 LBL tcpdump 3.5.2 LBL tcpdump 3.5 alpha LBL tcpdump 3.5 LBL tcpdump 3.4 a6 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + S.u.S.E. Firewall Adminhost VPN + S.u.S.E. Linux Admin-CD for Firewall + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Enterprise Server for S/390 + S.u.S.E. Linux Live-CD for Firewall + S.u.S.E. SuSE eMail Server III + SuSE Linux 7.2 + SuSE Linux 7.1 + SuSE Linux 7.0 + SuSE Linux 6.4 + SuSE SUSE Linux Enterprise Server 7 LBL tcpdump 3.4 + Redhat Linux 7.1 ia64 + Redhat Linux 7.1 i386 + Redhat Linux 7.1 alpha + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha IPCop IPCop 1.4.5 IPCop IPCop 1.4.4 IPCop IPCop 1.4.2 IPCop IPCop 1.4.1 Gentoo Linux FreeBSD FreeBSD 5.4 -RELENG FreeBSD FreeBSD 5.4 -RELEASE FreeBSD FreeBSD 5.4 -PRERELEASE FreeBSD FreeBSD 5.3 -STABLE FreeBSD FreeBSD 5.3 -RELENG FreeBSD FreeBSD 5.3 -RELEASE FreeBSD FreeBSD 5.3 FreeBSD FreeBSD 5.2.1 -RELEASE FreeBSD FreeBSD 5.2 -RELENG FreeBSD FreeBSD 5.2 -RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 -RELENG FreeBSD FreeBSD 5.1 -RELEASE/Alpha FreeBSD FreeBSD 5.1 -RELEASE-p5 FreeBSD FreeBSD 5.1 -RELEASE FreeBSD FreeBSD 5.1 FreeBSD FreeBSD 5.0 -RELENG FreeBSD FreeBSD 5.0 -RELEASE-p14 FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 F5 BIG-IP 4.6.5 F5 BIG-IP 4.6.3 F5 BIG-IP 4.6.2 F5 BIG-IP 4.6 F5 BIG-IP 4.5.12 F5 BIG-IP 4.5.11 F5 BIG-IP 4.5.10 F5 BIG-IP 4.5.9 F5 BIG-IP 4.5.6 F5 BIG-IP 4.5 F5 BIG-IP 4.4 F5 BIG-IP 4.3 F5 BIG-IP 4.2 F5 BIG-IP 4.0 F5 3-DNS 4.6.3 F5 3-DNS 4.6.2 F5 3-DNS 4.6 F5 3-DNS 4.5.12 F5 3-DNS 4.5.11 F5 3-DNS 4.5 F5 3-DNS 4.4 F5 3-DNS 4.3 F5 3-DNS 4.2 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Modular Messaging (MSS) 2.0 Avaya Modular Messaging (MSS) 1.1 Avaya MN100 Avaya Intuity LX Avaya Converged Communications Server 2.0
Not Vulnerable:	F5 BIG-IP 4.7 F5 BIG-IP 4.5.13 F5 3-DNS 4.7 F5 3-DNS 4.5.13

tcpdump RSVP Decoding Routines Denial Of Service Vulnerability

The 'tcpdump' utility is prone to a vulnerability that may allow a remote attacker to cause a denial-of-service condition in the software. The issue occurs because of the way tcpdump decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may send malformed RSVP packets to cause the software to enter an infinite loop and hang.

This issue affects tcpdump 3.9.x/CVS and earlier.

tcpdump RSVP Decoding Routines Denial Of Service Vulnerability

The following exploits are available:

• /data/vulnerabilities/exploits/xtcpdump-ldp-dos.c
• /data/vulnerabilities/exploits/xtcpdump+ethr-rsvp-dos.c

tcpdump RSVP Decoding Routines Denial Of Service Vulnerability

Solution:
Fixes are available. Please see the references for details.


Turbolinux Appliance Server 1.0 Workgroup Edition

• Turbolinux tcpdump-3.8.3-5.i586.rpm
  Turbolinux Appliance Server 1.0 Workgroup Edition
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

IPCop IPCop 1.4.1

• IPCop IPCop 1.4.6
  http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req= viewdownload&cid=3&orderby=dateD

IPCop IPCop 1.4.4

• IPCop IPCop 1.4.6
  http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req= viewdownload&cid=3&orderby=dateD

Mandriva Linux Mandrake 10.0 AMD64

• Mandriva tcpdump-3.8.1-1.2.100mdk.amd64.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download


• Mandriva tcpdump-3.8.1-1.2.100mdk.src.rpm
  Mandrakelinux 10.0/AMD64:
  http://www.mandriva.com/en/download

Turbolinux Turbolinux Server 10.0

• Turbolinux tcpdump-3.8.3-5.i586.rpm
  Turbolinux 10 Server
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/tcpdump-3.8.3-5.i586.rpm

Mandriva Linux Mandrake 10.1 x86_64

• Mandriva tcpdump-3.8.3-2.1.101mdk.x86_64.rpm
  Mandrakelinux 10.1/X86_64:
  http://www.mandriva.com/en/download

Mandriva Linux Mandrake 10.1

• Mandriva tcpdump-3.8.3-2.1.101mdk.i586.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download


• Mandriva tcpdump-3.8.3-2.1.101mdk.src.rpm
  Mandrakelinux 10.1:
  http://www.mandriva.com/en/download

MandrakeSoft Corporate Server 3.0

• Mandriva tcpdump-3.8.1-1.2.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva tcpdump-3.8.1-1.2.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download

LBL tcpdump 3.7.2

• RedHat arpwatch-2.1a11-7.9.4.legacy.i386.rpm
  Red Hat Linux 9:
  http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11 -7.9.4.legacy.i386.rpm


• RedHat arpwatch-2.1a11-8.fc1.3.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/arpwatch-2.1a11 -8.fc1.3.legacy.i386.rpm


• RedHat tcpdump-3.7.2-7.9.4.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7 .9.4.legacy.i386.rpm


• RedHat tcpdump-3.7.2-8.fc1.3.legacy.i386.rpm
  Fedora Core 1:
  http://download.fedoralegacy.org/fedora/1/updates/i386/tcpdump-3.7.2-8 .fc1.3.legacy.i386.rpm

LBL tcpdump 3.8.2

• Fedora arpwatch-2.1a13-8.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora arpwatch-2.1a13-8.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora libpcap-0.8.3-8.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora libpcap-0.8.3-8.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora tcpdump-3.8.2-8.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora tcpdump-3.8.2-8.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora tcpdump-debuginfo-3.8.2-8.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora tcpdump-debuginfo-3.8.2-8.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• RedHat arpwatch-2.1a13-6.FC2.3.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/arpwatch-2.1a13 -6.FC2.3.legacy.i386.rpm


• RedHat tcpdump-3.8.2-6.FC2.3.legacy.i386.rpm
  Fedora Core 2:
  http://download.fedoralegacy.org/fedora/2/updates/i386/tcpdump-3.8.2-6 .FC2.3.legacy.i386.rpm

LBL tcpdump 3.8.3

• Ubuntu tcpdump_3.8.3-3ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_amd64.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_i386.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.1_powerpc.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_amd64.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_i386.deb


• Ubuntu tcpdump_3.8.3-3ubuntu0.2_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog)
  http://security.ubuntu.com/ubuntu/pool/main/t/tcpdump/tcpdump_3.8.3-3u buntu0.2_powerpc.deb

FreeBSD FreeBSD 5.3

• FreeBSD tcpdump.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

FreeBSD FreeBSD 5.3 -STABLE

• FreeBSD tcpdump.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

FreeBSD FreeBSD 5.4 -RELENG

• FreeBSD tcpdump.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch

SCO Open Server 6.0

• SCO VOL.000.000 for SCOSA-2005.61
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.61

SCO Unixware 7.1.4

• SCO p532314.image
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60

tcpdump RSVP Decoding Routines Denial Of Service Vulnerability

References:

• ASA-2005-137 - tcpdump (Avaya)
  
• IPCop 1.4.6 released (IPCop)
  
• RHSA-2005:417-05 - tcpdump security update (RedHat)
  
• Solution ID: SOL4809 (F5 Software)
  
• tcpdump/libpcap Homepage (LBL)
  
• tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS. (Vade 79 )
  
• tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits. (Vade 79 )