// For flags

CVE-2004-0057

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

La función rawprint en las rutinas de decodificación ISAKMP (print-isakmp.c) de tcpdump 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) mediante paquetes ISAKMP malformados que causan que unos valores "len" o "loc" sean usados en un bucle, una vulnerabilidad diferente de CAN-2003-0989.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-01-14 CVE Reserved
  • 2004-01-15 CVE Published
  • 2024-08-08 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (36)
URL Tag Source
http://marc.info/?l=bugtraq&m=107577418225627&w=2 Mailing List
http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2 Mailing List
http://secunia.com/advisories/10636 Third Party Advisory
http://secunia.com/advisories/10639 Third Party Advisory
http://secunia.com/advisories/10644 Third Party Advisory
http://secunia.com/advisories/10652 Third Party Advisory
http://secunia.com/advisories/10668 Third Party Advisory
http://secunia.com/advisories/10718 Third Party Advisory
http://secunia.com/advisories/11022 Third Party Advisory
http://secunia.com/advisories/11032 Third Party Advisory
http://secunia.com/advisories/12179 Third Party Advisory
http://www.kb.cert.org/vuls/id/174086 Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html Mailing List
http://www.securityfocus.com/archive/1/350238/30/21640/threaded Mailing List
http://www.securitytracker.com/id?1008716 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/14837 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854 Signature
URL Date SRC
URL Date SRC
http://www.debian.org/security/2004/dsa-425 2018-10-19
http://www.redhat.com/support/errata/RHSA-2004-007.html 2018-10-19
http://www.securityfocus.com/bid/9423 2018-10-19
URL Date SRC
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt 2018-10-19
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc 2018-10-19
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html 2018-10-19
http://lwn.net/Alerts/66445 2018-10-19
http://lwn.net/Alerts/66805 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html 2018-10-19
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2004-008.html 2018-10-19
https://access.redhat.com/security/cve/CVE-2004-0057 2004-01-15
https://bugzilla.redhat.com/show_bug.cgi?id=1617136 2004-01-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lbl
Search vendor "Lbl"
 Tcpdump
Search vendor "Lbl" for product "Tcpdump"
 <= 3.8.1
Search vendor "Lbl" for product "Tcpdump" and version " <= 3.8.1"
-
Affected