CVSS: 5.0EPSS: 65%CPEs: 1EXPL: 2CVE-2004-0184 – tcpdump - ISAKMP Identification Payload Integer Overflow
https://notcve.org/view.php?id=CVE-2004-0184
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. Desbordamieto de enteros en la función isakmp_id_print de TCPDUMP 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio mediante un paquete ISAKMP con una carga útil de identificación con una longitud que se hace menor de 8 durante una conversión de orden de bytes, lo que causa una lectura fuera de límites, como se ha demostrado por el paquete de pruebas de protocolo ISAKMP Striker. • https://www.exploit-db.com/exploits/171 http://marc.info/?l=bugtraq&m=108067265931525&w=2 http://secunia.com/advisories/11258 http://securitytracker.com/id?1009593 http://www.debian.org/security/2004/dsa-478 http://www.kb.cert.org/vuls/id/492558 http://www.rapid7.com/advisories/R7-0017.html http://www.redhat.com/support/errata/RHSA-2004-219.html http://www.securityfocus.com/bid/10004 http://www.tcpdump.org/tcpdump-changes.txt http://www.trustix.org/erra • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.0EPSS: 55%CPEs: 1EXPL: 0CVE-2004-0183
https://notcve.org/view.php?id=CVE-2004-0183
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. TCPDUMP 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) mediante paquetes ISAKMP conteniendo un carga útil de Dorrado con un gran númeo de SPIs, lo que causa una lectura fuera de límites, como se ha demostrado por el paquete de pruebas de protocolo ISAKMP Striker. • http://marc.info/?l=bugtraq&m=108067265931525&w=2 http://secunia.com/advisories/11258 http://secunia.com/advisories/11320 http://securitytracker.com/id?1009593 http://www.debian.org/security/2004/dsa-478 http://www.kb.cert.org/vuls/id/240790 http://www.rapid7.com/advisories/R7-0017.html http://www.redhat.com/support/errata/RHSA-2004-219.html http://www.securityfocus.com/bid/10003 http://www.tcpdump.org/tcpdump-changes.txt http://www.trustix.org/errata/2004 • CWE-125: Out-of-bounds Read •