Executive Summary
| Summary | |
|---|---|
| Title | New tcpdump packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-478 | First vendor Publication | 2004-04-06 |
| Vendor | Debian | Last vendor Modification | 2004-04-06 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| tcpdump, a tool for network monitoring and data acquisition, was found to contain two vulnerabilities whereby tcpdump could be caused to crash through attempts to read from invalid memory locations. This bug is triggered by certain invalid ISAKMP packets. For the current stable distribution (woody) these problems have been fixed in version 3.6.2-2.8. For the unstable distribution (sid), these problems have been fixed in version 3.7.2-4. We recommend that you update your tcpdump package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-478 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 67 % | CWE-125 | Out-of-bounds Read |
| 33 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9581 | |||
| Oval ID: | oval:org.mitre.oval:def:9581 | ||
| Title: | Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Description: | Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0184 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:972 | |||
| Oval ID: | oval:org.mitre.oval:def:972 | ||
| Title: | tcpdump Delete Payload in ISAKMP Packets Vulnerability | ||
| Description: | TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0183 | Version: | 1 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:976 | |||
| Oval ID: | oval:org.mitre.oval:def:976 | ||
| Title: | tcpdump Identification Payload in ISAKMP Packets Vulnerability | ||
| Description: | Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0184 | Version: | 1 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9971 | |||
| Oval ID: | oval:org.mitre.oval:def:9971 | ||
| Title: | TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Description: | TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0183 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2004-04-05 | tcpdump ISAKMP Identification payload Integer Overflow Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: tcpdump File : nvt/freebsd_tcpdump.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 478-1 (tcpdump) File : nvt/deb_478_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-108-01 tcpdump denial of service File : nvt/esoft_slk_ssa_2004_108_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4751 | tcpdump ISAKMP Delete Payload DoS |
| 4750 | tcpdump ISAKMP Identification Payload DoS |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-05-03 | TCPDUMP ISAKMP payload handling denial of service attempt RuleID : 38365 - Revision : 2 - Type : SERVER-OTHER |
| 2014-01-10 | ISAKMP invalid identification payload attempt RuleID : 2486-community - Revision : 14 - Type : SERVER-OTHER |
| 2014-01-10 | ISAKMP invalid identification payload attempt RuleID : 2486 - Revision : 14 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-108-01.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f8551668de094d7b9720f1360929df07.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-478.nasl - Type : ACT_GATHER_INFO |
| 2004-09-08 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040907.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-030.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-219.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:13 |
|
