CVE-2004-0055
CVSS 5.0
Published: 2004-02-17 00:00:00
Last revised: 2016-10-17 22:40:16

[Original] The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.


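[CNNVD] TCPDump Malformed RADIUS Packet Denial of Service Vulnerability (CNNVD-200402-081)

        A vulnerability exists in the print_attr_string function in print-radius.c in tcpdump 3.8.1 and earlier. A remote attacker can cause a denial of service (segmentation fault) via a RADIUS attribute with a very large length value.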

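- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

- CPE (affected platforms and products)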

cpe:/a:lbl:tcpdump:3.7
cpe:/a:lbl:tcpdump:3.6.2
cpe:/a:lbl:tcpdump:3.7.1
cpe:/a:lbl:tcpdump:3.5.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9989 The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segment...
oval:org.mitre.oval:def:853 Red Hat Enterprise 3 tcpdump Denial of Service via print_attr_string Function
oval:org.mitre.oval:def:850 Red Hat tcpdump Denial of Service via print_attr_string Function
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0055
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0055
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-081
(Official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
(UNKNOWN)  CALDERA  CSSA-2004-008.0
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
(UNKNOWN)  SCO  SCOSA-2004.9
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
(UNKNOWN)  SGI  20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
(UNKNOWN)  SGI  20040202-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832
(UNKNOWN)  CONECTIVA  CLSA-2003:832
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2004-02-23
http://lwn.net/Alerts/66445/
(UNKNOWN)  TRUSTIX  2004-0004
http://marc.info/?l=bugtraq&m=107577418225627&w=2
(UNKNOWN)  BUGTRAQ  20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2
(UNKNOWN)  MLIST  [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1
http://www.debian.org/security/2004/dsa-425
(UNKNOWN)  DEBIAN  DSA-425
http://www.kb.cert.org/vuls/id/955526
(VENDOR_ADVISORY)  CERT-VN  VU#955526
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
(UNKNOWN)  MANDRAKE  MDKSA-2004:008
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html
(UNKNOWN)  FEDORA  FEDORA-2004-090
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html
(UNKNOWN)  FEDORA  FEDORA-2004-092
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html
(UNKNOWN)  MLIST  [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
(UNKNOWN)  FEDORA  FLSA:1222
http://www.redhat.com/support/errata/RHSA-2004-008.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:008
http://www.securityfocus.com/bid/7090
(VENDOR_ADVISORY)  BID  7090
http://www.securitytracker.com/id?1008735
(UNKNOWN)  SECTRACK  1008735

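- Vulnerability information

TCPDump Malformed RADIUS Packet Denial of Service Vulnerability
Medium risk  Design error
2004-02-17 00:00:00 2009-02-06 00:00:00
Remote
        A vulnerability exists in the print_attr_string function in print-radius.c in tcpdump 3.8.1 and earlier. A remote attacker can cause a denial of service (segmentation fault) via a RADIUS attribute with a very large length value.

- Advisories and patches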

        Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.
        Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.
        Guardian Digital Security has released a security advisory for EnGarde Secure Linux (ESA-20030430-014). The referenced advisory contains information pertaining to obtaining and applying fixes that address this and other issues. Users are advised to upgrade as soon as possible.
        Red Hat has released a security advisory (RHSA-2003:032-01) that contains fixes addressing this and other tcpdump issues. Users are advised to upgrade as soon as possible.
        OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.
        Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.
        SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.
        Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.
        SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.
        SCO has released advisory CSSA-2004-008.0 to address this issue.
        RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.
        Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.
        SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.
        Fixes are available below:
        RedHat Fedora Core1
        
        Apple Mac OS X 10.2.8
        
        Apple Mac OS X Server 10.2.8
        
        Apple Mac OS X 10.3.2
        
        Apple Mac OS X Server 10.3.2
        
        SGI ProPack 2.3
        
        SGI ProPack 2.4
        
        LBL tcpdump 3.6.2
        

- Vulnerability information

3557
tcpdump RADIUS print-radius.c DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-01-15 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

TCPDump Malformed RADIUS Packet Denial Of Service Vulnerability
Design Error 7090
Yes No
2003-03-14 12:00:00 2009-07-11 09:06:00
The discovery of this vulnerability has been credited to "Bill Ralph" <wralph@NSWC.NAVY.MIL>

- Affected program versions

SGI ProPack 2.4
SGI ProPack 2.3
SCO Unixware 7.1.3 up
Red Hat Fedora Core1
LBL tcpdump 3.7.1
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ S.u.S.E. Linux 8.1
LBL tcpdump 3.7
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.5 -STABLE
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
+ FreeBSD FreeBSD 4.4 -STABLE
+ FreeBSD FreeBSD 4.4 -RELENG
+ FreeBSD FreeBSD 4.4
+ FreeBSD FreeBSD 4.3 -STABLE
+ FreeBSD FreeBSD 4.3 -RELENG
+ FreeBSD FreeBSD 4.3 -RELEASE
+ FreeBSD FreeBSD 4.3
+ FreeBSD FreeBSD 4.2 -STABLE
+ FreeBSD FreeBSD 4.2 -RELEASE
+ FreeBSD FreeBSD 4.2
LBL tcpdump 3.6.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.3
+ FreeBSD FreeBSD 4.2
+ FreeBSD FreeBSD 4.1.1
+ FreeBSD FreeBSD 4.1
+ FreeBSD FreeBSD 4.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
LBL tcpdump 3.5.2
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
LBL tcpdump 3.7.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.5
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.1
+ Turbolinux Turbolinux Workstation 6.0

- Unaffected program versions

LBL tcpdump 3.7.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Turbolinux Turbolinux Advanced Server 6.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 6.5
+ Turbolinux Turbolinux Server 6.1
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 6.1
+ Turbolinux Turbolinux Workstation 6.0

- Vulnerability discussion

It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted.

- Exploit

The following proof of concept has been made available:

nc -u -p 1646 127.0.0.1 1301 < /dev/zero

- Solution

Red Hat has released an advisory for Fedora (FEDORA-2004-090). This advisory contains fixes to address several vulnerabilities in tcpdump. Fedora users may use the up2date utility to obtain and apply appropriate fixes; alternatively users may apply fixes (linked below) manually. See referenced advisory for further details.

Apple has released Security Update 2004-02-23 and fixes to address this issue. See referenced advisory for further details.

Guardian Digital Security has released a security advisory for EnGarde Secure Linux (ESA-20030430-014). The referenced advisory contains information pertaining to obtaining and applying fixes that address this and other issues. Users are advised to upgrade as soon as possible.

Red Hat has released a security advisory (RHSA-2003:032-01) that contains fixes addressing this and other tcpdump issues. Users are advised to upgrade as soon as possible.

OpenPKG has released an advisory OpenPKG-SA-2004.002 to address this and other issues. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:008 to address this issue. Please see the referenced advisory for more information.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy (FLSA:1222) has released an advisory including updates for various Red Hat releases. Please see the referenced advisory for more details on obtaining and applying fixes.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.

SCO has released advisory CSSA-2004-008.0 to address this issue.

RedHat has released an advisory FEDORA-2004-091 to address this and other issues in Fedora. Please see the referenced advisory for more information.

Conectiva has released an advisory CLSA-2004:832 to address this and other issues in tcpdump. Please see the advisory in web references for more information.

SCO has released advisory SCOSA-2004.9 to address this and other issues in tcpdump. Please see the referenced advisory for further information on obtaining fixes.

Fixes are available below:


Red Hat Fedora Core1

Apple Mac OS X 10.2.8

Apple Mac OS X Server 10.2.8

Apple Mac OS X 10.3.2

Apple Mac OS X Server 10.3.2

SGI ProPack 2.3

SGI ProPack 2.4

LBL tcpdump 3.6.2

- Related references

 

 
