ID CVE-2004-0183
Summary TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
References
Vulnerable Configurations
  • cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-02-2024 - 20:53)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Infiltration of Hardware Development Environment
    An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2004-07-12T12:00:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    family unix
    id oval:org.mitre.oval:def:972
    status accepted
    submitted 2004-06-10T12:00:00.000-04:00
    title tcpdump Delete Payload in ISAKMP Packets Vulnerability
    version 4
  • accepted 2013-04-29T04:23:46.985-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    family unix
    id oval:org.mitre.oval:def:9971
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
    version 29
redhat via4
advisories
rhsa
id RHSA-2004:219
rpms
  • libpcap-14:0.7.2-7.E3.2
  • tcpdump-14:3.7.2-7.E3.2
  • tcpdump-debuginfo-14:3.7.2-7.E3.2
refmap via4
bid 10003
bugtraq 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
cert-vn VU#240790
confirm http://www.tcpdump.org/tcpdump-changes.txt
debian DSA-478
fedora FEDORA-2004-1468
misc http://www.rapid7.com/advisories/R7-0017.html
sectrack 1009593
secunia
  • 11258
  • 11320
trustix 2004-0015
xf tcpdump-isakmp-delete-bo(15680)
Last major update 15-02-2024 - 20:53
Published 04-05-2004 - 04:00
Last modified 15-02-2024 - 20:53
Back to Top