CVE-2002-1350
CVSS 7.5
Published: 2002-12-23 00:00:00
Last revised: 2016-10-17 22:26:15

[Original] The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).


[CNNVD] TCPDump Remote Memory Corruption Vulnerability (CNNVD-200212-042)

        
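        TCPDump is a network analysis program used on a variety of Unix operating systems.
        TCPDump does not correctly allocate the size for an operator, and a remote attacker can exploit this vulnerability to carry out a denial-of-service attack.
        An operator in TCPDump does not correctly allocate the memory size, which can lead to memory corruption and crash tcpdump.
        The problem is in the print-bgp.c code; detailed information about the vulnerability is not currently available.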
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

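- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found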

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1350
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1350
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-042
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-050.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-050.0
http://marc.info/?l=bugtraq&m=104032975103398&w=2
(UNKNOWN)  BUGTRAQ  20021219 TSLSA-2002-0084 - tcpdump
http://www.debian.org/security/2002/dsa-206
(VENDOR_ADVISORY)  DEBIAN  DSA-206
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
(UNKNOWN)  MANDRAKE  MDKSA-2003:027
http://www.redhat.com/support/errata/RHSA-2003-032.html
(UNKNOWN)  REDHAT  RHSA-2003:032
http://www.redhat.com/support/errata/RHSA-2003-033.html
(UNKNOWN)  REDHAT  RHSA-2003:033
http://www.redhat.com/support/errata/RHSA-2003-214.html
(UNKNOWN)  REDHAT  RHSA-2003:214
http://www.securityfocus.com/bid/6213
(VENDOR_ADVISORY)  BID  6213
http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
(UNKNOWN)  MLIST  [tcpdump-workers] 20011015 Bug in print-bgp.c?
http://xforce.iss.net/xforce/xfdb/10695
(VENDOR_ADVISORY)  XF  tcpdump-sizeof-memory-corruption(10695)

- Vulnerability Information

TCPDump Remote Memory Corruption Vulnerability
High risk  Boundary condition error
2002-12-23 00:00:00 2005-05-13 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patches:
        Caldera
        -------
        Caldera has released a security advisory (CSSA-2002-050.0) and corresponding patches for this issue:
        CSSA-2002-050.0: Linux: tcpdump denial-of-service in print-bgp.c
        Link: ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-050.0.txt
        Patch downloads:
        1. OpenLinux 3.1.1 Server
         4.1 Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-050.0/RPMS
         4.2 Packages
         88099679d803eb7f1583f99ccaa68fed tcpdump-3.6.2-4.i386.rpm
         4.3 Installation
         rpm -Fvh tcpdump-3.6.2-4.i386.rpm
         4.4 Source Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-050.0/SRPMS
         4.5 Source Packages
         098cc3870c3f665a0d8ca1ab33bd3aca tcpdump-3.6.2-4.src.rpm
        2. OpenLinux 3.1.1 Workstation
         5.1 Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-050.0/RPMS
         5.2 Packages
         45db66a34637547e551b5c6617a96146 tcpdump-3.6.2-4.i386.rpm
         5.3 Installation
         rpm -Fvh tcpdump-3.6.2-4.i386.rpm
         5.4 Source Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-050.0/SRPMS
         5.5 Source Packages
         debcc7c371ef1857da6cf5beb2c9fb99 tcpdump-3.6.2-4.src.rpm
        3. OpenLinux 3.1 Server
         6.1 Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-050.0/RPMS
         6.2 Packages
         890d010599a09f88ab2264e3c737e8b8 tcpdump-3.6.2-4.i386.rpm
         6.3 Installation
         rpm -Fvh tcpdump-3.6.2-4.i386.rpm
         6.4 Source Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-050.0/SRPMS
         6.5 Source Packages
         57282f9d95d4ac217472b37e1e4424ca tcpdump-3.6.2-4.src.rpm
        4. OpenLinux 3.1 Workstation
         7.1 Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-050.0/RPMS
         7.2 Packages
         2e80f4e77cee7899bfbfc7c0552da424 tcpdump-3.6.2-4.i386.rpm
         7.3 Installation
         rpm -Fvh tcpdump-3.6.2-4.i386.rpm
         7.4 Source Package Location
         ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-050.0/SRPMS
         7.5 Source Packages
         d16939d580b36f127b12693548f17655 tcpdump-3.6.2-4.src.rpm

- Vulnerability Information

9853
tcpdump BGP Decoding Routines Data Copy Issue

- Vulnerability Description

Unknown or Incomplete

- Timeline

2001-10-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

TCPDump Malformed BGP Packet Memory Corruption Vulnerability
Boundary Condition Error 6213
Yes No
2002-11-20 12:00:00 2009-07-11 07:16:00
Originally reported in a SCO advisory.

- Affected Software Versions

LBL tcpdump 3.6.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.3
+ FreeBSD FreeBSD 4.2
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 4.1
+ FreeBSD FreeBSD 4.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
LBL tcpdump 3.5.2
LBL tcpdump 3.5
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 4.1
+ FreeBSD FreeBSD 4.0
+ FreeBSD FreeBSD 3.x
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
LBL tcpdump 3.4 a6
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ S.u.S.E. Firewall Adminhost VPN
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux Admin-CD for Firewall
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Live-CD for Firewall
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 7
LBL tcpdump 3.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha

- Vulnerability Discussion

tcpdump contains an operator miscalculation that could result in memory corruption. This could lead to execution of arbitrary code or a denial of service.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Trustix has released an advisory. Information about obtaining and applying fixes can be found in the referenced advisory.

Debian has released a new advisory (DSA 255-1) which contains new fix information.

MandrakeSoft has released an advisory. Information about obtaining and applying fixes is available in the referenced advisory.

SuSE has released an advisory (SuSE-SA:2003:0015) which contains fixes. Further information about obtaining and applying fixes can be found in the advisory.

Red Hat has released a security advisory (RHSA-2003:032-01) that contains fixes addressing this and other tcpdump issues. Users are advised to upgrade as soon as possible.

OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.

Fixes available:


LBL tcpdump 3.4 a6

LBL tcpdump 3.4

LBL tcpdump 3.5.2

LBL tcpdump 3.6.2

- Related References

     

     
