Vulnerability Name: CVE-2012-0698 (CCN-80226)

Assigned: 2012-01-13
Published: 2012-01-13
Updated: 2020-08-17
Summary: tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.

CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Low

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial
2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): None
    Availability (A): Partial

Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649

Source: MITRE
Type: CNA
CVE-2012-0698

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html

Source: CCN
Type: Packetstorm Security Website
TrouSerS Denial Of Service

Source: CCN
Type: RHSA-2014-1507
Low: trousers security, bug fix, and enhancement update

Source: SECUNIA
Type: UNKNOWN
51295

Source: CCN
Type: SA51805
Oracle Solaris tcsd Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358

Source: CONFIRM
Type: Patch
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601

Source: CONFIRM
Type: Patch
http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786

Source: CCN
Type: TrouSerS Web site
TrouSerS

Source: DEBIAN
Type: UNKNOWN
DSA-2576

Source: DEBIAN
Type: DSA-2576
trousers -- denial of service

Source: EXPLOIT-DB
Type: Exploit
22904

Source: CCN
Type: BID-55459
TrouSerS CVE-2012-0698 Denial Of Service Vulnerability

Source: CCN
Type: Oracle Security Blog, Nov 20, 2012
CVE-2012-0698 Denial of Service (DoS) vulnerability in tcsd

Source: CONFIRM
Type: UNKNOWN
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=781648

Source: XF
Type: UNKNOWN
trousers-tcsd-dos(80226)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-23-2012]

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/a:trustedcomputinggroup:trousers:0.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:*:*:*:*:*:*:*:* (Version <= 0.3.9)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:debian:trousers:0.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:trustedcomputinggroup:trousers:0.2.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:oracle:solaris:11:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20120698 | V | CVE-2012-0698 | 2022-05-20
    oval:org.opensuse.security:def:42384 | P | Security update for e2fsprogs (Important) | 2022-05-16
    oval:org.opensuse.security:def:31754 | P | Security update for libsndfile (Important) | 2022-01-05
    oval:org.opensuse.security:def:32220 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-11-19
    oval:org.opensuse.security:def:31703 | P | Security update for MozillaFirefox (Important) | 2021-11-17
    oval:org.opensuse.security:def:31691 | P | Security update for apache2 (Important) | 2021-10-06
    oval:org.opensuse.security:def:32198 | P | Security update for webkit2gtk3 (Important) | 2021-10-06
    oval:org.opensuse.security:def:26137 | P | Security update for sqlite3 (Important) | 2021-09-23
    oval:org.opensuse.security:def:26126 | P | Security update for Mesa (Moderate) | 2021-09-16
    oval:org.opensuse.security:def:26125 | P | Security update for grilo (Important) | 2021-09-09
    oval:org.opensuse.security:def:26116 | P | Security update for apache2 (Important) | 2021-09-02
    oval:org.opensuse.security:def:26104 | P | Security update for libcares2 (Important) | 2021-08-16
    oval:org.opensuse.security:def:31662 | P | Security update for libsndfile (Critical) | 2021-08-05
    oval:org.opensuse.security:def:32159 | P | Security update for webkit2gtk3 (Important) | 2021-08-03
    oval:org.opensuse.security:def:32145 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-07-21
    oval:org.opensuse.security:def:42632 | P | libtspi1-0.3.10-0.11.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:36225 | P | libtspi1-0.3.10-0.11.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:32941 | P | Security update for spice (Important) | 2021-06-08
    oval:org.opensuse.security:def:36576 | P | trousers-devel-0.3.10-0.11.1 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:32110 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
    oval:org.opensuse.security:def:26059 | P | Security update for postgresql12 (Moderate) | 2021-05-27
    oval:org.opensuse.security:def:26206 | P | Security update for the Linux Kernel (Important) | 2021-03-09
    oval:org.opensuse.security:def:32264 | P | Security update for perl-XML-Twig (Moderate) | 2021-03-01
    oval:org.opensuse.security:def:26201 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
    oval:org.opensuse.security:def:26200 | P | Security update for glibc (Moderate) | 2021-02-25
    oval:org.opensuse.security:def:26157 | P | Security update for the Linux Kernel (Important) | 2021-02-09
    oval:org.opensuse.security:def:31692 | P | Security update for python3 (Important) | 2021-02-08
    oval:org.opensuse.security:def:32902 | P | Security update for openldap2 (Moderate) | 2021-01-14
    oval:org.opensuse.security:def:35977 | P | libtspi1-0.3.10-0.9.50 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:32001 | P | Security update for python3 (Important) | 2020-12-02
    oval:org.opensuse.security:def:25786 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:32054 | P | Security update for kvm (Important) | 2020-12-01
    oval:org.opensuse.security:def:26976 | P | libtspi1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26506 | P | Security update for chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:26329 | P | Security update for znc (Low) | 2020-12-01
    oval:org.opensuse.security:def:32406 | P | Security update for wavpack (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25603 | P | Security update for java-1_8_0-openjdk (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26755 | P | libnetpbm10 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33188 | P | libtspi1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31445 | P | Security update for poppler (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27539 | P | postgresql94-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25774 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:31811 | P | Security update for apache2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:26303 | P | Security update for dnsmasq (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31777 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:26453 | P | Security update for kauth (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32301 | P | Security update for python (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27223 | P | libtspi1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25528 | P | Security update for texlive (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26551 | P | fvwm2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32511 | P | findutils on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25869 | P | Security update for mariadb (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26857 | P | PolicyKit on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26245 | P | Security update for python (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25850 | P | Security update for libreoffice (Low) | 2020-12-01
    oval:org.opensuse.security:def:26351 | P | Security update for mongodb (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32058 | P | Security update for kvm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26550 | P | fuse on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26410 | P | Security update for freexl (Important) | 2020-12-01
    oval:org.opensuse.security:def:32445 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:25731 | P | Security update for memcached (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26804 | P | perl-HTML-Parser on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31456 | P | Security update for postgresql91 | 2020-12-01
    oval:org.opensuse.security:def:27574 | P | trousers-devel on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25775 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:31898 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
    oval:org.opensuse.security:def:26941 | P | libapr1 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31909 | P | Security update for freetype2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26492 | P | Security update for icingaweb2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:32357 | P | Security update for squid3 (Important) | 2020-12-01
    oval:org.opensuse.security:def:25539 | P | Security update for dbus-1 (Important) | 2020-12-01
    oval:org.opensuse.security:def:26702 | P | fuse on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33149 | P | libfreebl3 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31444 | P | Security update for poppler (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25953 | P | Security update for gcc48 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26901 | P | g3utils on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26259 | P | Security update for openexr (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25978 | P | Security update for tcpdump, libpcap (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26404 | P | Security update for irssi (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:27188 | P | libgnomesu on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25527 | P | Security update for java-11-openjdk (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26467 | P | Security update for redis (Important) | 2020-12-01
    oval:org.opensuse.security:def:32467 | P | Security update for xorg-x11-libs (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25812 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:26843 | P | xorg-x11 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:31530 | P | Security update for samba (Important) | 2020-12-01
    oval:org.mitre.oval:def:26927 | P | RHSA-2014:1507: trousers security, bug fix, and enhancement update (Low) | 2015-04-13
    oval:org.mitre.oval:def:27119 | P | ELSA-2014-1507 -- trousers security, bug fix, and enhancement update | 2014-12-08
    oval:com.redhat.rhsa:def:20141507 | P | RHSA-2014:1507: trousers security, bug fix, and enhancement update (Low) | 2014-10-14
    oval:org.mitre.oval:def:25746 | P | SUSE-RU-2013:0352-1 -- Recommended update for trousers | 2014-09-08
    oval:org.mitre.oval:def:20052 | P | DSA-2576-1 trousers - denial of service | 2014-06-23
    oval:com.ubuntu.precise:def:20120698000 | V | CVE-2012-0698 on Ubuntu 12.04 LTS (precise) - low. | 2012-11-26
    oval:com.ubuntu.xenial:def:201206980000000 | V | CVE-2012-0698 on Ubuntu 16.04 LTS (xenial) - low. | 2012-11-26
    oval:com.ubuntu.trusty:def:20120698000 | V | CVE-2012-0698 on Ubuntu 14.04 LTS (trusty) - low. | 2012-11-26
    oval:com.ubuntu.xenial:def:20120698000 | V | CVE-2012-0698 on Ubuntu 16.04 LTS (xenial) - low. | 2012-11-26
    trustedcomputinggroup trousers 0.2.8
    trustedcomputinggroup trousers 0.2.9
    trustedcomputinggroup trousers 0.2.9.1
    trustedcomputinggroup trousers 0.2.9.2
    trustedcomputinggroup trousers 0.3.0
    trustedcomputinggroup trousers 0.3.1
    trustedcomputinggroup trousers 0.3.2
    trustedcomputinggroup trousers 0.3.3
    trustedcomputinggroup trousers 0.3.4
    trustedcomputinggroup trousers 0.3.5
    trustedcomputinggroup trousers 0.3.6
    trustedcomputinggroup trousers 0.3.7
    trustedcomputinggroup trousers 0.3.8
    trustedcomputinggroup trousers *
    debian trousers 0.3.9
    debian trousers 0.3.8
    debian trousers 0.3.7
    debian trousers 0.3.6
    debian trousers 0.3.5
    debian trousers 0.3.4
    debian trousers 0.3.3
    debian trousers 0.3.2
    debian trousers 0.3.1
    debian trousers 0.3.0
    debian trousers 0.2.9.2
    debian trousers 0.2.9.1
    debian trousers 0.2.9
    debian trousers 0.2.8
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    oracle solaris 11