PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5205 Redhat CVE debrief

CVE-2017-5205 is a critical buffer overflow in tcpdump’s ISAKMP parser, specifically in print-isakmp.c:ikev2_e_print(). NVD lists tcpdump versions before 4.9.0 as vulnerable and assigns a CVSS 3.0 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). In practical terms, a malformed ISAKMP/IKEv2 packet can trigger memory corruption while tcpdump decodes it, whether the packet arrives on a live interface or is read from a saved capture file, so systems that dissect untrusted traffic or untrusted pcap files should be treated as urgent patch candidates.

Vendor
Redhat
Product
tcpdump (tracked as CVE-2017-5205)
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-28
Original CVE updated
2026-05-13
Advisory published
2017-01-28
Advisory updated
2026-05-13

Who should care

Security teams and administrators running tcpdump before 4.9.0, especially on systems covered by the NVD CPEs for Debian 8/9 and Red Hat Enterprise Linux 7 variants. Any environment using tcpdump to inspect untrusted network traffic should prioritize this issue.

Technical summary

The vulnerable path is the ISAKMP/IKEv2 decoding logic in print-isakmp.c:ikev2_e_print(), the routine that prints an IKEv2 Encrypted payload. NVD identifies the weakness as CWE-119 (buffer overflow). tcpdump dispatches UDP traffic on the ISAKMP port (500) and the NAT-T port (4500) to this parser, so any crafted packet that reaches a monitored interface, or a crafted pcap file opened with -r, can drive the overflow; no privileges or user interaction are required beyond tcpdump decoding the traffic. The supplied corpus does not add exploit details beyond the overflow condition, so the safest conclusion is that this is a high-impact parser memory-corruption flaw in tcpdump builds prior to 4.9.0.

Defensive priority

Immediate. This is a critical, network-reachable parser bug with no authentication or user interaction required, so vulnerable tcpdump installs should be patched or replaced as soon as possible.

Recommended defensive actions

  • Upgrade tcpdump to version 4.9.0 or later.
  • Apply the relevant vendor updates referenced in the NVD record, including Debian DSA-3775, Red Hat RHSA-2017:1871, and Gentoo GLSA 201702-30 where applicable.
  • Inventory systems that ship or embed tcpdump so older packaged builds are not missed.
  • Reduce exposure on systems that cannot be patched immediately: do not decode untrusted pcap files there (capture raw with -w and analyze on a patched host), and run tcpdump with -Z to drop to an unprivileged user after the capture is opened, so a parser fault does not execute as root.
  • Verify that downstream packages and appliances bundling tcpdump have incorporated the fixed version.
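The inventory and upgrade steps above come down to one question per host: is the installed tcpdump older than 4.9.0? The script below is an added example for this debrief, not code from PatchSiren, tcpdump or any of the listed vendors. It parses the first line of a `tcpdump --version` banner (the "tcpdump version X.Y.Z" format, with distro suffixes such as "-3ubuntu0.1" ignored), compares the version against 4.9.0 numerically rather than lexically, and, when run on a real host, also greps the RPM changelog for the CVE identifier, since a distribution can backport the fix without raising the upstream version. The sample banners are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the PatchSiren debrief or of tcpdump itself):
# classify a tcpdump build as vulnerable or fixed for CVE-2017-5205.

FIXED_VERSION="4.9.0"   # first upstream release carrying the fix, per NVD

# Extract "X.Y.Z" from the first line of a `tcpdump --version` banner.
# "tcpdump version 4.9.2-3ubuntu0.1" yields "4.9.2"; anything else yields "".
tcpdump_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^tcpdump version \([0-9][0-9.]*\).*/\1/p'
}

# Numeric comparison of two dotted versions (up to three components,
# missing components count as 0). Prints -1, 0 or 1.
version_cmp() {
    printf '%s\n%s\n' "$1" "$2" | awk -F. '
        NR == 1 { for (i = 1; i <= 3; i++) a[i] = $i + 0 }
        NR == 2 { for (i = 1; i <= 3; i++) b[i] = $i + 0 }
        END {
            for (i = 1; i <= 3; i++) {
                if (a[i] < b[i]) { print -1; exit }
                if (a[i] > b[i]) { print 1; exit }
            }
            print 0
        }'
}

# True (exit 0) when the version is inside the NVD range "before 4.9.0".
is_vulnerable_version() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Classify a whole banner: prints "vulnerable", "fixed" or "unknown".
classify_banner() {
    v=$(tcpdump_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif is_vulnerable_version "$v"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample banners (not captured from a real host).
OLD_BANNER='tcpdump version 4.5.1
libpcap version 1.5.3'
NEW_BANNER='tcpdump version 4.9.3
libpcap version 1.9.1'

echo "sample old build: $(classify_banner "$OLD_BANNER")"   # vulnerable
echo "sample new build: $(classify_banner "$NEW_BANNER")"   # fixed

# Live check, only when tcpdump is actually installed on this host.
if command -v tcpdump >/dev/null 2>&1; then
    echo "local tcpdump: $(classify_banner "$(tcpdump --version 2>&1)")"
    # A version below 4.9.0 is not the last word on RPM-based systems:
    # the vendor may have backported the fix, which the changelog records.
    if command -v rpm >/dev/null 2>&1 && rpm -q tcpdump >/dev/null 2>&1; then
        if rpm -q --changelog tcpdump | grep -Fq CVE-2017-5205; then
            echo "rpm changelog mentions CVE-2017-5205 (backported fix)"
        fi
    fi
fi
```

Treat "vulnerable" as a prompt to check the package changelog rather than a final verdict on distributions that backport, and treat "unknown" (a banner the regex does not recognise, for example a renamed or embedded build) as a host that needs manual inspection.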

Evidence notes

The NVD record states: "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()." The NVD metadata also lists tcpdump < 4.9.0 as vulnerable and includes Debian 8/9 and Red Hat Enterprise Linux 7 CPE entries. References in the record include Debian DSA-3775, Red Hat RHSA-2017:1871, Gentoo GLSA 201702-30, SecurityFocus BID 95852, SecurityTracker 1037755, and a Debian bug mailing list thread.

Official resources

CVE published on 2017-01-28 and last modified on 2026-05-13. The supplied enrichment does not include a Known Exploited Vulnerabilities entry or ransomware association. NVD status is Modified.