CVE-2004-0057

Current Description

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

Referenced by CVEs:CVE-2003-0989

Basic Data

PublishedFebruary 17, 2004
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLblTcpdump********3.8.1

Vulnerable Software List

VendorProductVersions
Lbl Tcpdump *

References

NameSourceURLTags
CSSA-2004-008.0ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txtCALDERA
SCOSA-2004.9ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txtSCO
20040103-01-Uftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.ascSGI
20040202-01-Uftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.ascSGI
APPLE-SA-2004-02-23http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.htmlAPPLE
2004-0004http://lwn.net/Alerts/66445/TRUSTIX
ESA-20040119-002http://lwn.net/Alerts/66805/ENGARDE
20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)http://marc.info/?l=bugtraq&m=107577418225627&w=2BUGTRAQ
[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2MLIST
10636http://secunia.com/advisories/10636SECUNIA
10639http://secunia.com/advisories/10639SECUNIA
10644http://secunia.com/advisories/10644SECUNIA
10652http://secunia.com/advisories/10652SECUNIA
10668http://secunia.com/advisories/10668SECUNIA
10718http://secunia.com/advisories/10718SECUNIA
11022http://secunia.com/advisories/11022SECUNIA
11032http://secunia.com/advisories/11032/SECUNIA
12179http://secunia.com/advisories/12179/SECUNIA
DSA-425http://www.debian.org/security/2004/dsa-425DEBIANPATCH Vendor Advisory
VU#174086http://www.kb.cert.org/vuls/id/174086CERT-VNUS Government Resource
MDKSA-2004:008http://www.mandriva.com/security/advisories?name=MDKSA-2004:008MANDRAKE
FEDORA-2004-090http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.htmlFEDORA
FEDORA-2004-092http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.htmlFEDORA
[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.htmlMLIST
FLSA:1222http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.htmlFEDORA
RHSA-2004:007http://www.redhat.com/support/errata/RHSA-2004-007.htmlREDHATPATCH Vendor Advisory
RHSA-2004:008http://www.redhat.com/support/errata/RHSA-2004-008.htmlREDHAT
20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.http://www.securityfocus.com/archive/1/350238/30/21640/threadedBUGTRAQ
9423http://www.securityfocus.com/bid/9423BIDPATCH Vendor Advisory
1008716http://www.securitytracker.com/id?1008716SECTRACK
tcpdump-rawprint-isakmp-dos(14837)https://exchange.xforce.ibmcloud.com/vulnerabilities/14837XF
oval:org.mitre.oval:def:11197https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197OVAL
oval:org.mitre.oval:def:851https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851OVAL
oval:org.mitre.oval:def:854https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854OVAL