ID CVE-2004-0057
Summary The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
References
Vulnerable Configurations
  • cpe:2.3:a:lbl:tcpdump:3.8.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_TCPDUMP_381_351.NASL
    description The following package needs to be updated: tcpdump
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12619
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12619
    title FreeBSD : L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump (192)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-008.NASL
    description A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump or potentially execute arbitrary code with the privileges of the user running tcpdump. These vulnerabilities include: An infinite loop and memory consumption processing L2TP packets (CVE-2003-1029). Infinite loops in processing ISAKMP packets (CVE-2003-0989, CVE-2004-0057). A segmentation fault caused by a RADIUS attribute with a large length value (CVE-2004-0055). The updated packages are patched to correct these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14108
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14108
    title Mandrake Linux Security Advisory : tcpdump (MDKSA-2004:008)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-425.NASL
    description Multiple vulnerabilities were discovered in tcpdump, a tool for inspecting network traffic. If a vulnerable version of tcpdump attempted to examine a maliciously constructed packet, a number of buffer overflows could be exploited to crash tcpdump, or potentially execute arbitrary code with the privileges of the tcpdump process. - CAN-2003-1029 - infinite loop and memory consumption in processing L2TP packets - CAN-2003-0989, CAN-2004-0057 - infinite loops in processing ISAKMP packets - CAN-2004-0055 - segmentation fault caused by a RADIUS attribute with a large length value
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15262
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15262
    title Debian DSA-425-1 : tcpdump - multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_96BA2DAE4AB011D896F20020ED76EF5A.NASL
    description Jonathan Heusser discovered vulnerabilities in tcpdump's L2TP, ISAKMP, and RADIUS protocol handlers. These vulnerabilities may be used by an attacker to crash a running `tcpdump' process.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 37028
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37028
    title FreeBSD : L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump (96ba2dae-4ab0-11d8-96f2-0020ed76ef5a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-092.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13683
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13683
    title Fedora Core 1 : tcpdump-3.7.2-8.fc1.1 (2004-092)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-090.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13682
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13682
    title Fedora Core 1 : tcpdump-3.7.2-7.fc1.1 (2004-090)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-008.NASL
    description Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. [Updated 15 Jan 2004] Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names. Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12448
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12448
    title RHEL 2.1 / 3 : tcpdump (RHSA-2004:008)
oval via4
  • accepted 2013-04-29T04:12:15.847-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
    family unix
    id oval:org.mitre.oval:def:11197
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
    version 23
  • accepted 2007-04-25T19:53:00.715-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
    family unix
    id oval:org.mitre.oval:def:851
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat tcpdump Denial of Service via ISAKMP Packets II
    version 34
  • accepted 2007-04-25T19:53:01.298-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
    family unix
    id oval:org.mitre.oval:def:854
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title RHE3 tcpdump DoS via ISAKMP Packets II
    version 35
redhat via4
advisories
  • rhsa
    id RHSA-2004:007
  • rhsa
    id RHSA-2004:008
refmap via4
apple APPLE-SA-2004-02-23
bid 9423
bugtraq
  • 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
  • 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
caldera CSSA-2004-008.0
cert-vn VU#174086
debian DSA-425
engarde ESA-20040119-002
fedora
  • FEDORA-2004-090
  • FEDORA-2004-092
  • FLSA:1222
mandrake MDKSA-2004:008
mlist
  • [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
  • [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
sco SCOSA-2004.9
sectrack 1008716
secunia
  • 10636
  • 10639
  • 10644
  • 10652
  • 10668
  • 10718
  • 11022
  • 11032
  • 12179
sgi
  • 20040103-01-U
  • 20040202-01-U
trustix 2004-0004
xf tcpdump-rawprint-isakmp-dos(14837)
Last major update 17-10-2016 - 22:40
Published 17-02-2004 - 00:00
Last modified 19-10-2018 - 11:29