CVE-2004-0055 - The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attacke

CVE-2004-0055

Summary

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

References

Vulnerable Configurations

cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2007-04-25T19:53:00.525-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:850

status

accepted

submitted

2004-03-20T12:00:00.000-04:00

title

Red Hat tcpdump Denial of Service via print_attr_string Function

version

accepted

2007-04-25T19:53:01.098-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:853

status

accepted

submitted

2004-03-20T12:00:00.000-04:00

title

Red Hat Enterprise 3 tcpdump Denial of Service via print_attr_string Function

version

accepted

2013-04-29T04:23:56.229-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:9989

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2004:008

rpms

arpwatch-14:2.1a11-12.2.1AS.5
libpcap-14:0.6.2-12.2.1AS.5
libpcap-14:0.7.2-7.E3.1
tcpdump-14:3.6.2-12.2.1AS.5
tcpdump-14:3.7.2-7.E3.1
tcpdump-debuginfo-14:3.7.2-7.E3.1

refmap via4

apple	APPLE-SA-2004-02-23
bid	7090
bugtraq	20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
caldera	CSSA-2004-008.0
cert-vn	VU#955526
conectiva	CLSA-2003:832
debian	DSA-425
fedora	FEDORA-2004-090 FEDORA-2004-092 FLSA:1222
mandrake	MDKSA-2004:008
mlist	[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
sco	SCOSA-2004.9
sectrack	1008735
secunia	10636 10639 10644 10652 10718 11022 11032 12179
sgi	20040103-01-U 20040202-01-U
trustix	2004-0004

Last major update

11-10-2017 - 01:29

Published

17-02-2004 - 05:00

Last modified

11-10-2017 - 01:29