// For flags

CVE-2004-0057

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.

La función rawprint en las rutinas de decodificación ISAKMP (print-isakmp.c) de tcpdump 3.8.1 y anteriores permite a atacantes remotos causar una denegación de servicio (fallo de segmentación) mediante paquetes ISAKMP malformados que causan que unos valores "len" o "loc" sean usados en un bucle, una vulnerabilidad diferente de CAN-2003-0989.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2004-01-14 CVE Reserved
  • 2004-01-15 CVE Published
  • 2024-01-30 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (36)
URL Tag Source
http://marc.info/?l=bugtraq&m=107577418225627&w=2 Mailing List
http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2 Mailing List
http://secunia.com/advisories/10636 Third Party Advisory
http://secunia.com/advisories/10639 Third Party Advisory
http://secunia.com/advisories/10644 Third Party Advisory
http://secunia.com/advisories/10652 Third Party Advisory
http://secunia.com/advisories/10668 Third Party Advisory
http://secunia.com/advisories/10718 Third Party Advisory
http://secunia.com/advisories/11022 Third Party Advisory
http://secunia.com/advisories/11032 Third Party Advisory
http://secunia.com/advisories/12179 Third Party Advisory
http://www.kb.cert.org/vuls/id/174086 Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html Mailing List
http://www.securityfocus.com/archive/1/350238/30/21640/threaded Mailing List
http://www.securitytracker.com/id?1008716 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/14837 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854 Signature
URL Date SRC
URL Date SRC
http://www.debian.org/security/2004/dsa-425 2018-10-19
http://www.redhat.com/support/errata/RHSA-2004-007.html 2018-10-19
http://www.securityfocus.com/bid/9423 2018-10-19
URL Date SRC
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt 2018-10-19
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc 2018-10-19
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html 2018-10-19
http://lwn.net/Alerts/66445 2018-10-19
http://lwn.net/Alerts/66805 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html 2018-10-19
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html 2018-10-19
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2004-008.html 2018-10-19
https://access.redhat.com/security/cve/CVE-2004-0057 2004-01-15
https://bugzilla.redhat.com/show_bug.cgi?id=1617136 2004-01-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lbl
Search vendor "Lbl"
 Tcpdump
Search vendor "Lbl" for product "Tcpdump"
 <= 3.8.1
Search vendor "Lbl" for product "Tcpdump" and version " <= 3.8.1"
-
Affected