CVE-2004-0184 – tcpdump - ISAKMP Identification Payload Integer Overflow
https://notcve.org/view.php?id=CVE-2004-0184
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
• References:
https://www.exploit-db.com/exploits/171
http://marc.info/?l=bugtraq&m=108067265931525&w=2
http://secunia.com/advisories/11258
http://securitytracker.com/id?1009593
http://www.debian.org/security/2004/dsa-478
http://www.kb.cert.org/vuls/id/492558
http://www.rapid7.com/advisories/R7-0017.html
http://www.redhat.com/support/errata/RHSA-2004-219.html
http://www.securityfocus.com/bid/10004
http://www.tcpdump.org/tcpdump-changes.txt
http://www.trustix.org/erra
• CWE-125: Out-of-bounds Read
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2004-0183
https://notcve.org/view.php?id=CVE-2004-0183
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
• References:
http://marc.info/?l=bugtraq&m=108067265931525&w=2
http://secunia.com/advisories/11258
http://secunia.com/advisories/11320
http://securitytracker.com/id?1009593
http://www.debian.org/security/2004/dsa-478
http://www.kb.cert.org/vuls/id/240790
http://www.rapid7.com/advisories/R7-0017.html
http://www.redhat.com/support/errata/RHSA-2004-219.html
http://www.securityfocus.com/bid/10003
http://www.tcpdump.org/tcpdump-changes.txt
http://www.trustix.org/errata/2004
• CWE-125: Out-of-bounds Read
CVE-2004-0057
https://notcve.org/view.php?id=CVE-2004-0057
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
• References:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
http://lwn.net/Alerts/66445
http://lwn.net/Alerts/66805
http://marc.info/?l=bugtraq&m=107577418225627&w=2
http:
CVE-2003-1029 – Tcpdump 3.x - L2TP Parser Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-1029
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
• References:
https://www.exploit-db.com/exploits/23452
http://lwn.net/Alerts/66805
http://marc.info/?l=bugtraq&m=107193841728533&w=2
http://marc.info/?l=bugtraq&m=107213553214985&w=2
http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2
http://secunia.com/advisories/10636
http://secunia.com/advisories/10652
http://secunia.com/advisories/10668
http://secunia.com/advisories/10718
http://www.debian.org/security/2004/dsa-425
http://www.mandriva.com/security/advisories?na
CVE-2004-0055
https://notcve.org/view.php?id=CVE-2004-0055
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
• References:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
http://lwn.net/Alerts/66445
http://marc.info/?l=b