CVE-2005-1278

tcpdump < 3.9.1 - Denial of Service via Zero-Length GRE Packet

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1278. PoCs published by vade79.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in tcpdump versions 3.8.x and 3.9.1 by sending a malformed GRE packet with crafted ISIS data, causing an infinite loop in the isis_print() function. The payload manipulates the TLV_ISNEIGH_VARLEN field with a zero length to exploit the vulnerability.

Description

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vade79 · cdoslinux

https://www.exploit-db.com/exploits/959

View Code ZIP pw:eip

This exploit triggers a denial-of-service (DoS) in tcpdump versions 3.8.x and 3.9.1 by sending a malformed GRE packet with crafted ISIS data, causing an infinite loop in the isis_print() function. The payload manipulates the TLV_ISNEIGH_VARLEN field with a zero length to exploit the vulnerability.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: tcpdump 3.8.x, 3.9.1

No auth needed

Prerequisites: Network access to the target running tcpdump · Ability to send raw packets

MITRE ATT&CK