Gurou
Apr 5 2004, 06:35 PM
Tcpdump ISAKMP Identification payload Integer underflow Exploit
http://www.k-otik.com/exploits/04.05.tcpdu...-id-uflow.c.php
Erra
Apr 5 2004, 09:11 PM
/*
* tcpdump packet sniffer
* Integer underflow in ISAKMP Identification payload
* denial of service vulnerability
* proof of concept code
* version 1.0 (Apr 02 2004)
* CVE-ID: CAN-2004-0184
*
* by Remi Denis-Courmont < exploit at simphalampin dot com >
* www simphalempin com dev
* Remi Denis-Courmont is not responsible for the misuse of the
* source code provided hereafter.
*
* This vulnerability was found by:
* Rapid7, LLC Security Advisory - www rapid7 com
* whose original advisory may be fetched from:
* www rapid7 com advisories R7-0017 html
*
* Vulnerable:
* - tcpdump 3.8.1
*
* Not vulnerable:
* - tcpdump 3.8.3
*
* NOTES:
* The vulnerability cannot be exploited to cause a denial of service
* with the Debian's tcpdump packages as it was partly fixed as part of
* the fix for earlier known CAN-2003-0108 vulnerability, though the bug
* is still present. That may be the case for other vendors which were
* not investigated.
*
* tcpdump must be run with a verbosity level of at least 3:
* # tcpdump -vvv
* Otherwise, no denial of service will occur.
*/
DoS exploit... Not something I am after at this stage.
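The header above only names the bug class (an integer underflow when the ISAKMP Identification payload's advertised length is smaller than its own fixed header), so here is an added example of that class in C. This is not tcpdump's source and not code from the exploit linked above: the parser, the sample payloads and the names are ours, built from the RFC 2408 payload layout (generic header: next payload, reserved, 16-bit length; Identification payload: ID type plus 3 DOI-specific bytes, so an 8-byte fixed part). The vulnerable shape trusts the wire length and wraps; the hardened shape rejects a length shorter than the header or longer than the captured bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not tcpdump's code. Fixed part of an ISAKMP Identification
 * payload: generic header (4 bytes) + ID type (1) + DOI-specific data (3). */
#define ISAKMP_ID_FIXED_LEN 8

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable shape: trusts the wire length. With plen < 8 the int subtraction
 * goes negative and the size_t conversion yields ~SIZE_MAX, which a hex/ASCII
 * dump loop would then use as its byte count and read far past the packet. */
static int parse_id_vulnerable(const uint8_t *buf, size_t buflen, size_t *data_len)
{
    if (buflen < ISAKMP_ID_FIXED_LEN)
        return -1;
    uint16_t plen = rd16(buf + 2);
    *data_len = (size_t)(plen - ISAKMP_ID_FIXED_LEN);   /* BUG: wraps when plen < 8 */
    return 0;
}

/* Hardened shape: the advertised length must cover the fixed part and must
 * not exceed what was actually captured. */
static int parse_id_hardened(const uint8_t *buf, size_t buflen, size_t *data_len)
{
    if (buflen < ISAKMP_ID_FIXED_LEN)
        return -1;
    uint16_t plen = rd16(buf + 2);
    if (plen < ISAKMP_ID_FIXED_LEN)   /* shorter than its own header */
        return -1;
    if (plen > buflen)                /* claims more bytes than we hold */
        return -1;
    *data_len = plen - ISAKMP_ID_FIXED_LEN;
    return 0;
}

/* Hex-dump the identification data into out (NUL-terminated). Returns the
 * number of bytes dumped, or -1 if the payload is rejected or out is too
 * small. Bounded by the hardened parser, so it never reads past buf. */
static int dump_id_data(const uint8_t *buf, size_t buflen, char *out, size_t outlen)
{
    size_t n, i;
    if (parse_id_hardened(buf, buflen, &n) < 0 || outlen < 2 * n + 1)
        return -1;
    for (i = 0; i < n; i++)
        snprintf(out + 2 * i, 3, "%02x", buf[ISAKMP_ID_FIXED_LEN + i]);
    out[2 * n] = '\0';
    return (int)n;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t ID_GOOD[] = {
    0x00, 0x00, 0x00, 0x0c,   /* next=NONE, reserved, length=12 */
    0x01, 0x00, 0x00, 0x00,   /* ID type 1 (ID_IPV4_ADDR), DOI data */
    0x0a, 0x00, 0x00, 0x01    /* identification data: 10.0.0.1 */
};
static const uint8_t ID_BAD[] = {
    0x00, 0x00, 0x00, 0x04,   /* length=4: smaller than the 8-byte fixed part */
    0x01, 0x00, 0x00, 0x00
};
static const uint8_t ID_TRUNC[] = {
    0x00, 0x00, 0x00, 0x10,   /* length=16, but only 12 bytes were captured */
    0x01, 0x00, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01
};

int main(void)
{
    size_t n = 0;
    char hex[64];
    parse_id_vulnerable(ID_BAD, sizeof ID_BAD, &n);
    printf("vulnerable parser would dump %zu bytes of id data\n", n);
    printf("hardened parser on short length: %s\n",
           parse_id_hardened(ID_BAD, sizeof ID_BAD, &n) ? "rejected" : "accepted");
    printf("hardened parser on truncated payload: %s\n",
           parse_id_hardened(ID_TRUNC, sizeof ID_TRUNC, &n) ? "rejected" : "accepted");
    if (dump_id_data(ID_GOOD, sizeof ID_GOOD, hex, sizeof hex) > 0)
        printf("good payload id data: %s\n", hex);
    return 0;
}
```

The two checks in parse_id_hardened are the whole fix: one against the underflow (length below the fixed part) and one against the more familiar over-read (length beyond the captured bytes). A dissector that only has the second check still wraps on the first case, which is the shape of bug the advisory describes.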
FakoLy
Apr 6 2004, 07:23 AM
This is not a remote exploit, it's only a DoS (Denial of Service) which crashes the service.
But thanks for this, maybe shellcode soon.
shaun2k2
Apr 6 2004, 08:59 AM
It's not believed that arbitrary code execution is possible, though most things are possible in theory. Don't get your hopes up - due to the nature of this vulnerability, code execution won't be feasible.
-Shaun.