ID CVE-2004-0055
Summary The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
References
Vulnerable Configurations
  • cpe:2.3:a:lbl:tcpdump:3.5.2
  • cpe:2.3:a:lbl:tcpdump:3.6.2
  • cpe:2.3:a:lbl:tcpdump:3.7
  • cpe:2.3:a:lbl:tcpdump:3.7.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-008.NASL
    description A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CVE-2003-1029). Infinite loops in processing ISAKMP packets (CVE-2003-0989, CVE-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CVE-2004-0055). The updated packages are patched to correct these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14108
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14108
    title Mandrake Linux Security Advisory : tcpdump (MDKSA-2004:008)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-425.NASL
    description Multiple vulnerabilities were discovered in tcpdump, a tool for inspecting network traffic. If a vulnerable version of tcpdump attempted to examine a maliciously constructed packet, a number of buffer overflows could be exploited to crash tcpdump, or potentially execute arbitrary code with the privileges of the tcpdump process. - CAN-2003-1029 - infinite loop and memory consumption in processing L2TP packets - CAN-2003-0989, CAN-2004-0057 - infinite loops in processing ISAKMP packets - CAN-2004-0055 - segmentation fault caused by a RADIUS attribute with a large length value
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15262
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15262
    title Debian DSA-425-1 : tcpdump - multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-092.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13683
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13683
    title Fedora Core 1 : tcpdump-3.7.2-8.fc1.1 (2004-092)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-090.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13682
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13682
    title Fedora Core 1 : tcpdump-3.7.2-7.fc1.1 (2004-090)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-008.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. [Updated 15 Jan 2004] Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12448
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12448
    title RHEL 2.1 / 3 : tcpdump (RHSA-2004:008)
oval via4
  • accepted 2007-04-25T19:53:00.525-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
    family unix
    id oval:org.mitre.oval:def:850
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat tcpdump Denial of Service via print_attr_string Function
    version 34
  • accepted 2007-04-25T19:53:01.098-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
    family unix
    id oval:org.mitre.oval:def:853
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Enterprise 3 tcpdump Denial of Service via print_attr_string Function
    version 34
  • accepted 2013-04-29T04:23:56.229-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
    family unix
    id oval:org.mitre.oval:def:9989
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
    version 23
redhat via4
  advisories
    rhsa
      id RHSA-2004:008
refmap via4
apple APPLE-SA-2004-02-23
bid 7090
bugtraq 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
caldera CSSA-2004-008.0
cert-vn VU#955526
conectiva CLSA-2003:832
debian DSA-425
fedora
  • FEDORA-2004-090
  • FEDORA-2004-092
  • FLSA:1222
mandrake MDKSA-2004:008
mlist
  • [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
  • [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
sco SCOSA-2004.9
sectrack 1008735
secunia
  • 10636
  • 10639
  • 10644
  • 10652
  • 10718
  • 11022
  • 11032
  • 12179
sgi
  • 20040103-01-U
  • 20040202-01-U
trustix 2004-0004
Last major update 17-10-2016 - 22:40
Published 17-02-2004 - 00:00
Last modified 10-10-2017 - 21:29