Vulnerability Name: CVE-2003-1029 (CCN-14046)
Assigned: 2003-12-20
Published: 2003-12-20
Updated: 2018-10-19
Summary: The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
  Source: CCN Type: BugTraq Mailing List, Sat Dec 20 2003 - 10:25:22 CST Remote crash in tcpdump from OpenBSD
  Source: CCN Type: BugTraq Mailing List, Sat Dec 20 2003 - 13:52:18 CST Re: Remote crash in tcpdump from OpenBSD
  Source: MITRE Type: CNA CVE-2003-1029
  Source: ENGARDE Type: UNKNOWN ESA-20040119-002
  Source: BUGTRAQ Type: UNKNOWN 20031220 Remote crash in tcpdump from OpenBSD
  Source: BUGTRAQ Type: UNKNOWN 20031221 Re: Remote crash in tcpdump from OpenBSD
  Source: MLIST Type: UNKNOWN [tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets
  Source: CCN Type: SA10636 tcpdump ISAKMP and RADIUS Packet Handling Vulnerabilities
  Source: SECUNIA Type: UNKNOWN 10636
  Source: SECUNIA Type: UNKNOWN 10652
  Source: SECUNIA Type: UNKNOWN 10668
  Source: SECUNIA Type: UNKNOWN 10718
  Source: CCN Type: SECTRACK ID: 1008748 Tcpdump l2tp_avp_print() Flaw May Let Remote Users Crash the System With Malformed L2TP Packets
  Source: DEBIAN Type: Patch, Vendor Advisory DSA-425
  Source: DEBIAN Type: DSA-425 tcpdump -- multiple vulnerabilities
  Source: MANDRAKE Type: UNKNOWN MDKSA-2004:008
  Source: CCN Type: OpenPKG-SA-2004.002 tcpdump
  Source: CCN Type: OSVDB ID: 3556 tcpdump L2TP DoS
  Source: BUGTRAQ Type: UNKNOWN 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
  Source: CCN Type: BID-9263 Tcpdump L2TP Parser Remote Denial of Service Vulnerability
  Source: SECTRACK Type: UNKNOWN 1008748
  Source: XF Type: UNKNOWN tcpdump-l2tp-dos(14046)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable