Vulnerability CVE-2004-0183 - CERT Civis.Net

Vulnerability Name:

CVE-2004-0183 (CCN-15680)

Assigned:

2004-03-29

Published:

2004-03-29

Updated:

2017-10-11

Summary:

TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Rapid7, Inc. Security Advisory R7-0017
TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities

Source: MITRE
Type: CNA
CVE-2004-0183

Source: BUGTRAQ
Type: UNKNOWN
20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities

Source: CCN
Type: RHSA-2004-219
tcpdump security update

Source: CCN
Type: SA11258
TCPDUMP ISAKMP Payload Handling Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11258

Source: SECUNIA
Type: UNKNOWN
11320

Source: CCN
Type: SECTRACK ID: 1009593
Tcpdump Boundary Checking Error in `print-isakmp.c` Lets Remote Users Crash Tcpdump

Source: SECTRACK
Type: UNKNOWN
1009593

Source: CCN
Type: CIAC Information Bulletin O-113
Debian tcpdump Denial of Service

Source: CCN
Type: CIAC Information Bulletin O-212
Apple Security Update

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-478

Source: DEBIAN
Type: DSA-478
tcpdump -- denial of service

Source: CCN
Type: US-CERT VU#240790
tcpdump contains buffer overflow vulnerability in ISAKMP Delete Payload handling

Source: CERT-VN
Type: US Government Resource
VU#240790

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0015
tcpdump, libpcap

Source: CCN
Type: OpenPKG-SA-2004.010
tcpdump

Source: MISC
Type: UNKNOWN
http://www.rapid7.com/advisories/R7-0017.html

Source: REDHAT
Type: UNKNOWN
RHSA-2004:219

Source: BID
Type: UNKNOWN
10003

Source: CCN
Type: BID-10003
TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability

Source: CCN
Type: BID-10004
TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability

Source: CCN
Type: BID-10005
Interchange Remote Information Disclosure Vulnerability

Source: CCN
Type: BID-10007
Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerability

Source: CCN
Type: BID-10008
MPlayer Remote HTTP Header Buffer Overflow Vulnerability

Source: CCN
Type: BID-10009
Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability

Source: CCN
Type: BID-1001
InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability

Source: CCN
Type: BID-10010
LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability

Source: CCN
Type: BID-10013
PHPKit Multiple HTML Injection Vulnerabilities

Source: CCN
Type: BID-10017
JamesOff QuoteEngine Multiple Parameter Unspecified SQL Injection Vulnerability

Source: CCN
Type: BID-10018
MadBMS Unspecified Login Vulnerability

Source: CCN
Type: BID-10019
Cactusoft CactuShop SQL Injection Vulnerability

Source: CCN
Type: BID-1002
Sambar Server Batch CGI Vulnerability

Source: CCN
Type: BID-10020
CactuSoft CactuShop Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-10022
Roger Wilco Server UDP Datagram Handling Denial Of Service Vulnerability

Source: CCN
Type: BID-10024
Roger Wilco Information Disclosure Vulnerability

Source: CCN
Type: BID-10025
Roger Wilco Server Unauthorized Audio Stream Denial Of Service Vulnerability

Source: CCN
Type: BID-10026
ADA IMGSVR Remote Directory Listing Vulnerability

Source: CCN
Type: BID-10027
ADA IMGSVR Remote File Download Vulnerability

Source: CCN
Type: BID-10028
OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability

Source: CCN
Type: BID-1003
FTPx FTP Explorer Weak Password Encryption Vulnerability

Source: CCN
Type: BID-10033
HAHTsite Scenario Server Project File Name Buffer Overrun Vulnerability

Source: CCN
Type: BID-10036
Macromedia Dreamweaver Remote User Database Access Vulnerability

Source: CCN
Type: BID-10037
SGI IRIX ftpd Multiple Denial Of Service Vulnerabilities

Source: CCN
Type: slackware-security Mailing List, Sat, 17 Apr 2004 12:02:24 -0700 (PDT)
tcpdump denial of service (SSA:2004-108-01)

Source: CCN
Type: tcpdump Web site
TCPDUMP public repository

Source: CONFIRM
Type: UNKNOWN
http://www.tcpdump.org/tcpdump-changes.txt

Source: TRUSTIX
Type: UNKNOWN
2004-0015

Source: CCN
Type: TLSA-2004-16
Two issues have been discovered in tcpdump

Source: FEDORA
Type: UNKNOWN
FEDORA-2004-1468

Source: XF
Type: UNKNOWN
tcpdump-isakmp-delete-bo(15680)

Source: XF
Type: UNKNOWN
tcpdump-isakmp-delete-bo(15680)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:972

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9971

Source: SUSE
Type: SUSE-SA:2004:010
Linux Kernel: privilege escalation local DoS

Source: SUSE
Type: SUSE-SA:2004:011
Live CD 9.1: remote root access

Vulnerable Configuration:

Configuration 1:

cpe:/a:lbl:tcpdump:*:*:*:*:*:*:*:* (Version <= 3.8.1)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040183	V	CVE-2004-0183	2015-11-16
oval:org.mitre.oval:def:9971	V	TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.	2013-04-29
oval:org.mitre.oval:def:972	V	tcpdump Delete Payload in ISAKMP Packets Vulnerability	2004-07-12
oval:com.redhat.rhsa:def:20040219	P	RHSA-2004:219: tcpdump security update (Low)	2004-05-26
oval:org.debian:def:478	V	denial of service	2004-04-06