rhsa-2004_007
Vulnerability from csaf_redhat
Published
2004-01-14 19:43
Modified
2024-11-21 22:55
Summary
Red Hat Security Advisory: : : : Updated tcpdump packages fix various vulnerabilities
Notes
Topic
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in
ISAKMP and RADIUS parsing.
[Updated 15 Jan 2004]
Updated the text description to better describe the vulnerabilities found
by Jonathan Heusser and give them CVE names.
Details
Tcpdump is a command-line tool for monitoring network traffic.
George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump
versions prior to 3.8.1. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.
Jonathan Heusser discovered an additional flaw in the ISAKMP decoding
routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to
this issue.
Jonathan Heusser discovered a flaw in the print_attr_string function in the
RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0055 to this issue.
Remote attackers could potentially exploit these issues by sending
carefully-crafted packets to a victim. If the victim uses tcpdump, these
pakets could result in a denial of service, or possibly execute arbitrary
code as the 'pcap' user.
Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in\nISAKMP and RADIUS parsing. \n\n[Updated 15 Jan 2004]\nUpdated the text description to better describe the vulnerabilities found\nby Jonathan Heusser and give them CVE names.",
"title": "Topic"
},
{
"category": "general",
"text": "Tcpdump is a command-line tool for monitoring network traffic. \n\nGeorge Bakos discovered flaws in the ISAKMP decoding routines of tcpdump\nversions prior to 3.8.1. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.\n\nJonathan Heusser discovered an additional flaw in the ISAKMP decoding\nroutines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to\nthis issue.\n\nJonathan Heusser discovered a flaw in the print_attr_string function in the\nRADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0055 to this issue.\n\nRemote attackers could potentially exploit these issues by sending\ncarefully-crafted packets to a victim. If the victim uses tcpdump, these\npakets could result in a denial of service, or possibly execute arbitrary\ncode as the \u0027pcap\u0027 user.\n\nUsers of tcpdump are advised to upgrade to these erratum packages, which\ncontain backported security patches and are not vulnerable to these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2004:007",
"url": "https://access.redhat.com/errata/RHSA-2004:007"
},
{
"category": "external",
"summary": "http://marc.theaimsgroup.com/?l=tcpdump-workrs\u0026m=107325073018070",
"url": "http://marc.theaimsgroup.com/?l=tcpdump-workrs\u0026m=107325073018070"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_007.json"
}
],
"title": "Red Hat Security Advisory: : : : Updated tcpdump packages fix various vulnerabilities",
"tracking": {
"current_release_date": "2024-11-21T22:55:26+00:00",
"generator": {
"date": "2024-11-21T22:55:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2004:007",
"initial_release_date": "2004-01-14T19:43:00+00:00",
"revision_history": [
{
"date": "2004-01-14T19:43:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2004-01-07T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T22:55:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Linux 9",
"product": {
"name": "Red Hat Linux 9",
"product_id": "Red Hat Linux 9",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:linux:9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2003-0989",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617118"
}
],
"notes": [
{
"category": "description",
"text": "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2003-0989"
},
{
"category": "external",
"summary": "RHBZ#1617118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2003-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0989"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0989"
}
],
"release_date": "2004-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2004-01-14T19:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2004:007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2004-0055",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617135"
}
],
"notes": [
{
"category": "description",
"text": "The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-0055"
},
{
"category": "external",
"summary": "RHBZ#1617135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-0055",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0055"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0055",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0055"
}
],
"release_date": "2004-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2004-01-14T19:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2004:007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2004-0057",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617136"
}
],
"notes": [
{
"category": "description",
"text": "The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid \"len\" or \"loc\" values to be used in a loop, a different vulnerability than CVE-2003-0989.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat Linux 9"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-0057"
},
{
"category": "external",
"summary": "RHBZ#1617136",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617136"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0057"
}
],
"release_date": "2004-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2004-01-14T19:43:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network. To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"Red Hat Linux 9"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2004:007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.