1. CVE-Search
  2. CVE-2004-0184
ID CVE-2004-0184
Summary Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
References
Vulnerable Configurations
  • cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-02-2024 - 21:09)
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2013-04-29T04:20:26.117-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    family unix
    id oval:org.mitre.oval:def:9581
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    version 29
  • accepted 2004-07-12T12:00:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    family unix
    id oval:org.mitre.oval:def:976
    status accepted
    submitted 2004-06-10T12:00:00.000-04:00
    title tcpdump Identification Payload in ISAKMP Packets Vulnerability
    version 4
redhat via4
advisories
rhsa
id RHSA-2004:219
rpms
  • libpcap-14:0.7.2-7.E3.2
  • tcpdump-14:3.7.2-7.E3.2
  • tcpdump-debuginfo-14:3.7.2-7.E3.2
refmap via4
bid 10004
bugtraq 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
cert-vn VU#492558
confirm http://www.tcpdump.org/tcpdump-changes.txt
debian DSA-478
fedora FEDORA-2004-1468
misc http://www.rapid7.com/advisories/R7-0017.html
sectrack 1009593
secunia 11258
trustix 2004-0015
xf tcpdump-isakmp-integer-underflow(15679)
Last major update 15-02-2024 - 21:09
Published 04-05-2004 - 04:00
Last modified 15-02-2024 - 21:09
Back to Top