Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2004-0183
Last Modified 21 Aug 2010 12:19:42
Published 04 May 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0183

Summary

TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPIs, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Vulnerable Systems

Application

  • Lbl Tcpdump 3.8.1


References

CERT-VN - VU#240790

DEBIAN - DSA-478

FEDORA - FEDORA-2004-1468

XF - tcpdump-isakmp-delete-bo(15680)

CONFIRM - http://www.tcpdump.org/tcpdump-changes.txt

BID - 10003

REDHAT - RHSA-2004:219

MISC - http://www.rapid7.com/advisories/R7-0017.html

SECTRACK - 1009593

SECUNIA - 11258

TRUSTIX - 2004-0015

SECUNIA - 11320

BUGTRAQ - 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities


Last Updated: 27 May 2016 10:38:30