CVE-2003-1029

tcpdump <= 3.8.1 - Denial of Service via L2TP Protocol Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1029. PoCs published by Przemyslaw Frasunek.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in tcpdump by sending a maliciously crafted UDP packet containing specific bytes (0xff,0x02) to port 1701. The provided Perl one-liner and example packet data can trigger the vulnerability in tcpdump versions 3.7 and prior.

Description

The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · textdoslinux

https://www.exploit-db.com/exploits/23452

View Code ZIP pw:eip

This exploit demonstrates a denial of service vulnerability in tcpdump by sending a maliciously crafted UDP packet containing specific bytes (0xff,0x02) to port 1701. The provided Perl one-liner and example packet data can trigger the vulnerability in tcpdump versions 3.7 and prior.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: tcpdump 3.7 and prior

No auth needed

Prerequisites: Network access to the target system · tcpdump running on the target system

MITRE ATT&CK