CVE-2017-5205
published 2017-01-28CVE-2017-5205: The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
PriorityP342critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.50%
87.6th percentile
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tcpdump | < tcpdump 4.9.0-1 (bookworm) | tcpdump 4.9.0-1 (bookworm) |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| tcpdump | tcpdump | < 4.9.0 | 4.9.0 |
| tcpdump | tcpdump | >= 0 < 4.9.0-1 | 4.9.0-1 |
| tcpdump | tcpdump | >= 0 < 4.9.0-1 | 4.9.0-1 |
| tcpdump | tcpdump | >= 0 < 4.9.0-1 | 4.9.0-1 |
| tcpdump | tcpdump | >= 0 < 4.9.0-1 | 4.9.0-1 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2017-5205: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 9.8
CVE-2017-5205 [CRITICAL] CVE-2017-5205: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2017-5205
Component: CVE-2017-5205
Ubuntu
tcpdump vulnerabilities
vendor_ubuntu·2017-02-21
CVE-2016-7922 tcpdump vulnerabilities
Title: tcpdump vulnerabilities
Summary: tcpdump could be made to crash or run programs if it received specially
crafted network traffic.
It was discovered that tcpdump incorrectly handled certain packets. A
remote attacker could use this issue to cause tcpdump to crash, resulting
in a denial of service, or possibly execute arbitrary code.
In the default installation, attackers would be isolated by the tcpdump
AppArmor profile.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
Red Hat
tcpdump: multiple overflow issues in protocol decoding
vendor_redhat·2017-02-02·CVSS 9.8
CVE-2017-5205 [CRITICAL] CWE-125 tcpdump: multiple overflow issues in protocol decoding
tcpdump: multiple overflow issues in protocol decoding
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop.
Statement: Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redh
Debian
CVE-2017-5205: tcpdump - The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp....
vendor_debian·2017·CVSS 9.8
CVE-2017-5205 [CRITICAL] CVE-2017-5205: tcpdump - The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp....
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
Scope: local
bookworm: resolved (fixed in 4.9.0-1)
bullseye: resolved (fixed in 4.9.0-1)
forky: resolved (fixed in 4.9.0-1)
sid: resolved (fixed in 4.9.0-1)
trixie: resolved (fixed in 4.9.0-1)
GHSA
GHSA-wfp3-2mpx-mqj4: The ISAKMP parser in tcpdump before 4
ghsa_unreviewed·2022-05-14
CVE-2017-5205 [CRITICAL] CWE-119 GHSA-wfp3-2mpx-mqj4: The ISAKMP parser in tcpdump before 4
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
OSV
CVE-2017-5205: The ISAKMP parser in tcpdump before 4
osv·2017-01-28·CVSS 9.8
CVE-2017-5205 [CRITICAL] CVE-2017-5205: The ISAKMP parser in tcpdump before 4
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
No detection rules found.
No public exploits indexed.
Bugzilla
tcpdump: multiple overflow issues in protocol decoding
bugzilla·2017-02-03·CVSS 9.8
[CRITICAL] tcpdump: multiple overflow issues in protocol decoding
tcpdump: multiple overflow issues in protocol decoding
Multiple buffer overflows, and one integer overflow, in protocol decoding were found that may cause incorrect decoding, segmentation fault or (in the case of integer overflow) an infinite loop. These issues can be be exploited either locally, by making the target user decode a crafted .pcap file using tcpdump, or remotely by sending crafted packets to the network segment where the target system is running tcpdump decoding the live packet capture. Ability to send crafted packets to the target network segment is limited by the protocols' ability to cross network segments, or presence of firewall rules.
Upstream changelog:
http://www.tcpdump.org/tcpdump-changes.txt
Discussion:
Acknowledgments:
Name: the Tcpdump project
---
Created
Bugzilla
tcpdump: various flaws [fedora-all]
bugzilla·2017-02-03·CVSS 9.8
[CRITICAL] tcpdump: various flaws [fedora-all]
tcpdump: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has be
http://www.debian.org/security/2017/dsa-3775http://www.securityfocus.com/bid/95852http://www.securitytracker.com/id/1037755https://access.redhat.com/errata/RHSA-2017:1871https://security.gentoo.org/glsa/201702-30https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.htmlhttp://www.debian.org/security/2017/dsa-3775http://www.securityfocus.com/bid/95852http://www.securitytracker.com/id/1037755https://access.redhat.com/errata/RHSA-2017:1871https://security.gentoo.org/glsa/201702-30https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html
2017-01-28
Published