CVE-2004-0184 – tcpdump - ISAKMP Identification Payload Integer Overflow
https://notcve.org/view.php?id=CVE-2004-0184
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. Desbordamieto de enteros en la función isakmp_id_print de TCPDUMP 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio mediante un paquete ISAKMP con una carga útil de identificación con una longitud que se hace menor de 8 durante una conversión de orden de bytes, lo que causa una lectura fuera de límites, como se ha demostrado por el paquete de pruebas de protocolo ISAKMP Striker. • https://www.exploit-db.com/exploits/171 http://marc.info/?l=bugtraq&m=108067265931525&w=2 http://secunia.com/advisories/11258 http://securitytracker.com/id?1009593 http://www.debian.org/security/2004/dsa-478 http://www.kb.cert.org/vuls/id/492558 http://www.rapid7.com/advisories/R7-0017.html http://www.redhat.com/support/errata/RHSA-2004-219.html http://www.securityfocus.com/bid/10004 http://www.tcpdump.org/tcpdump-changes.txt http://www.trustix.org/erra • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2004-0183
https://notcve.org/view.php?id=CVE-2004-0183
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. TCPDUMP 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) mediante paquetes ISAKMP conteniendo un carga útil de Dorrado con un gran númeo de SPIs, lo que causa una lectura fuera de límites, como se ha demostrado por el paquete de pruebas de protocolo ISAKMP Striker. • http://marc.info/?l=bugtraq&m=108067265931525&w=2 http://secunia.com/advisories/11258 http://secunia.com/advisories/11320 http://securitytracker.com/id?1009593 http://www.debian.org/security/2004/dsa-478 http://www.kb.cert.org/vuls/id/240790 http://www.rapid7.com/advisories/R7-0017.html http://www.redhat.com/support/errata/RHSA-2004-219.html http://www.securityfocus.com/bid/10003 http://www.tcpdump.org/tcpdump-changes.txt http://www.trustix.org/errata/2004 • CWE-125: Out-of-bounds Read •
CVE-2004-0057
https://notcve.org/view.php?id=CVE-2004-0057
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. La función rawprint en las rutinas de decodificación ISAKMP (print-isakmp.c) de tcpdump 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) mediante paquetes ISAKMP malformados que causan que unos valores "len" o "loc" sean usados en un bucle, una vulnerabilidad diferente de CAN-2003-0989. • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html http://lwn.net/Alerts/66445 http://lwn.net/Alerts/66805 http://marc.info/?l=bugtraq&m=107577418225627&w=2 http: •
CVE-2003-0989
https://notcve.org/view.php?id=CVE-2003-0989
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. tcpdump anteriores a 3.8.1 permite a atacantes remotos causar una denegación de servico (bucle infinito) mediante ciertos paquetes ISAKMP, una vulnerabilidad distinta de CAN-2004-9957. • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html http://lwn.net/Alerts/66445 http://lwn.net/Alerts/66805 http://marc.info/?l=bugtraq&m=107577418225627&w=2 http: •
CVE-2003-0194
https://notcve.org/view.php?id=CVE-2003-0194
tcpdump does not properly drop privileges to the pcap user when starting up. Cuando se arranca tcpdump, éste no rebaja privilegios adecuadamente al usuario pcap • http://www.redhat.com/support/errata/RHSA-2003-151.html http://www.redhat.com/support/errata/RHSA-2003-174.html https://access.redhat.com/security/cve/CVE-2003-0194 https://bugzilla.redhat.com/show_bug.cgi?id=1616999 •