CERTA-2004-AVI-106

Vulnerability from certfr_avis - Published: - Updated:

Deux failles dans l'affichage des paquets ISAKMP (Internet Security Association and Key Management Protocol) ont été identifiées.

Description

A l'aide de paquets ISAKMP habilement constitués, un utilisateur mal intentionné peut provoquer un déni de service (arrêt brutal) de l'application tcpdump si celle-ci est employée avec l'option -v (visualisation des protocoles).

Solution

La version 3.8.3 de tcpdump corrige cette vulnérabilité. Installer cette version à partir des sources ou appliquer le correctif fournit par l'éditeur :

  • Sources de tcpdump :
    http://tcpdump.org

tcpdump versions 3.8.1 et antérieures.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003etcpdump versions 3.8.1 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nA l\u0027aide de paquets ISAKMP habilement constitu\u00e9s, un utilisateur mal\nintentionn\u00e9 peut provoquer un d\u00e9ni de service (arr\u00eat brutal) de\nl\u0027application tcpdump si celle-ci est employ\u00e9e avec l\u0027option -v\n(visualisation des protocoles).\n\n## Solution\n\nLa version 3.8.3 de tcpdump corrige cette vuln\u00e9rabilit\u00e9. Installer cette\nversion \u00e0 partir des sources ou appliquer le correctif fournit par\nl\u0027\u00e9diteur :\n\n-   Sources de tcpdump :\n\n        http://tcpdump.org\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2004:219 du 26 mai 2004 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-219.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 478 du 06 avril 2004 :",
      "url": "http://www.debian.org/security/2004/dsa-478"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200404-03 du 31 mars 2004    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200404-03.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 07 septembre 2004 :",
      "url": "http://docs.info.apple.com/article.html?artnum=61798"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 31 mars 2004 :",
      "url": "http://www.vuxml.org/freebsd/"
    },
    {
      "title": "Annonce de la sortie de tcpdump 3.8.3 :",
      "url": "http://tcpdump.org/tcpdump-changes.txt"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:030 du 14 avril    2004 :",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:030"
    }
  ],
  "reference": "CERTA-2004-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-03-31T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2004-04-07T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Mandrake.",
      "revision_date": "2004-04-15T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2004-05-12T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RedHat.",
      "revision_date": "2004-06-09T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Apple.",
      "revision_date": "2004-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Deux failles dans l\u0027affichage des paquets ISAKMP (Internet Security\nAssociation and Key Management Protocol) ont \u00e9t\u00e9 identifi\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de tcpdump",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 R7-0017 de Rapid7",
      "url": "http://www.rapid7.com/advisories/R7-0017.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.