FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0057

This CVE name corresponds to:

Entered	Topic
2004-01-19	L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0057 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2004-0057
Phase	Modified(20100819)

Description

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

References

Source	Reference
BUGTRAQ	20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
MLIST	[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
MLIST	[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
APPLE	APPLE-SA-2004-02-23
CALDERA	CSSA-2004-008.0
ENGARDE	ESA-20040119-002
FEDORA	FLSA:1222
FEDORA	FEDORA-2004-090
FEDORA	FEDORA-2004-092
REDHAT	RHSA-2004:007
REDHAT	RHSA-2004:008
DEBIAN	DSA-425
MANDRAKE	MDKSA-2004:008
SCO	SCOSA-2004.9
SGI	20040103-01-U
BUGTRAQ	20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
SGI	20040202-01-U
TRUSTIX	2004-0004
CERT-VN	VU#174086
BID	9423
OVAL	oval:org.mitre.oval:def:851
OVAL	oval:org.mitre.oval:def:854
OVAL	oval:org.mitre.oval:def:11197
SECTRACK	1008716
SECUNIA	10636
SECUNIA	10639
SECUNIA	10644
SECUNIA	10652
SECUNIA	10668
SECUNIA	10718
SECUNIA	11022
SECUNIA	11032
SECUNIA	12179
XF	tcpdump-rawprint-isakmp-dos(14837)