CVE-2003-0989
CVSS 7.5
Published: 2004-02-17 00:00:00
Revised: 2016-10-17 22:38:54

[Original] tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.


[CNNVD] TCPDump ISAKMP Decoder Multiple Remote Buffer Overflow Vulnerabilities (CNNVD-200402-075)

        
        Tcpdump is a command-line tool for monitoring network traffic.
        Tcpdump contains two security flaws in its ISAKMP decoding; a remote attacker can exploit them to trigger a buffer overflow and possibly execute arbitrary instructions on the system with the privileges of the 'pcap' user.
        A remote attacker can send specially crafted packets onto a network that tcpdump is monitoring, causing a denial of service or executing arbitrary instructions on the system with the privileges of the 'pcap' user.
        

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:redhat:linux:9.0::i386
cpe:/a:redhat:tcpdump:3.8.0  Red Hat tcpdump 3.8.0

- OVAL (technical details for detection)

oval:org.mitre.oval:def:852  RHE3 tcpdump DoS via ISAKMP Packets
oval:org.mitre.oval:def:847  Red Hat tcpdump Denial of Service via ISAKMP Packets
oval:org.mitre.oval:def:10599  tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerabil...
*OVAL describes in detail how to detect this vulnerability; the related OVAL definitions contain further technical details on detecting it.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0989
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0989
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-075
(official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
(UNKNOWN)  CALDERA  CSSA-2004-008.0
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
(UNKNOWN)  SCO  SCOSA-2004.9
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
(UNKNOWN)  SGI  20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
(UNKNOWN)  SGI  20040202-01-U
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2004-02-23
http://lwn.net/Alerts/66445/
(UNKNOWN)  TRUSTIX  2004-0004
http://lwn.net/Alerts/66805/
(UNKNOWN)  ENGARDE  ESA-20040119-002
http://marc.info/?l=bugtraq&m=107577418225627&w=2
(UNKNOWN)  BUGTRAQ  20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
http://www.debian.org/security/2004/dsa-425
(VENDOR_ADVISORY)  DEBIAN  DSA-425
http://www.kb.cert.org/vuls/id/738518
(VENDOR_ADVISORY)  CERT-VN  VU#738518
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
(UNKNOWN)  MANDRAKE  MDKSA-2004:008
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html
(UNKNOWN)  FEDORA  FEDORA-2004-090
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html
(UNKNOWN)  FEDORA  FEDORA-2004-092
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html
(UNKNOWN)  MLIST  [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
(UNKNOWN)  FEDORA  FLSA:1222
http://www.redhat.com/support/errata/RHSA-2004-007.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:007
http://www.redhat.com/support/errata/RHSA-2004-008.html
(UNKNOWN)  REDHAT  RHSA-2004:008
http://www.securityfocus.com/archive/1/archive/1/350238/30/21640/threaded
(UNKNOWN)  BUGTRAQ  20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
http://www.securityfocus.com/bid/9507
(UNKNOWN)  BID  9507
http://www.securitytracker.com/id?1008716
(UNKNOWN)  SECTRACK  1008716

- Vulnerability information

TCPDump ISAKMP Decoder Multiple Remote Buffer Overflow Vulnerabilities
Severity: High  Type: Other
Published: 2004-02-17 00:00:00  Updated: 2009-02-20 00:00:00
Attack vector: Remote
        
        

- Advisories and patches

        Vendor patches:
        LBL
        ---
        The vendor has fixed this security issue in the latest version of the software; download it from the vendor's home page:
        
        http://www.tcpdump.org

- Vulnerability information

3555
tcpdump ISAKMP DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-01-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability
Class: Failure to Handle Exceptional Conditions  BID: 9507
Remote: Yes  Local: No
Published: 2004-01-27 12:00:00  Updated: 2009-07-12 02:06:00
The disclosure of this issue has been credited to George Bakos.

- Affected program versions

SGI ProPack 2.4
SGI ProPack 2.3
SCO Unixware 7.1.3 up
Red Hat Fedora Core1
LBL tcpdump 3.7.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.5
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.1
+ Turbolinux Turbolinux Workstation 6.0
LBL tcpdump 3.7.1
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ S.u.S.E. Linux 8.1
LBL tcpdump 3.7
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -STABLE
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
+ FreeBSD FreeBSD 4.4 -STABLE
+ FreeBSD FreeBSD 4.4 -RELENG
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.3 -STABLE
+ FreeBSD FreeBSD 4.3 -RELENG
+ FreeBSD FreeBSD 4.3 -RELEASE
+ FreeBSD FreeBSD 4.3
+ FreeBSD FreeBSD 4.2 -STABLE
+ FreeBSD FreeBSD 4.2 -RELEASE
+ FreeBSD FreeBSD 4.2
LBL tcpdump 3.6.3
+ EnGarde Secure Community 2.0
+ EnGarde Secure Community 1.0.1
+ EnGarde Secure Professional 1.5
+ EnGarde Secure Professional 1.2
+ EnGarde Secure Professional 1.1
LBL tcpdump 3.6.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.3
+ FreeBSD FreeBSD 4.2
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 4.1
+ FreeBSD FreeBSD 4.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
LBL tcpdump 3.5.2
LBL tcpdump 3.5 alpha
LBL tcpdump 3.5
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 4.1
+ FreeBSD FreeBSD 4.0
+ FreeBSD FreeBSD 3.x
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
LBL tcpdump 3.4 a6
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ S.u.S.E. Firewall Adminhost VPN
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux Admin-CD for Firewall
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Live-CD for Firewall
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 7
LBL tcpdump 3.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.4
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1

- Vulnerability discussion

It has been reported that tcpdump may be prone to a denial of service vulnerability that may allow a remote attacker to cause the software to enter an infinite loop by sending malformed ISAKMP packets resulting in a crash or hang. Although unconfirmed, remote code execution may be possible.

tcpdump versions prior to 3.8.1 have been reported to be prone to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Gentoo Linux has released an advisory (GLSA 200404-03) and updates to address this issue. Gentoo advises users to upgrade to the latest available version; the net-libs/libpcap package should also be upgraded. This can be accomplished by issuing the following series of commands:
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"

Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.

SuSE has released an advisory SuSE-SA:2004:002 to address this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:007 to address this issue. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:008 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA-425-1 to address this issue. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:

SCO has released advisory CSSA-2004-008.0 to address this issue.

RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.


Red Hat Fedora Core1
Apple Mac OS X 10.2.8
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.2
Apple Mac OS X Server 10.3.2
SGI ProPack 2.3
SGI ProPack 2.4
LBL tcpdump 3.6.2
LBL tcpdump 3.7.1
LBL tcpdump 3.7.2

- References

 

 
