CVE-2003-0108

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
http://marc.info/?l=bugtraq&m=104637420104189&w=2
http://marc.info/?l=bugtraq&m=104678787109030&w=2
http://www.debian.org/security/2003/dsa-255	Patch Vendor Advisory
http://www.idefense.com/advisory/02.27.03.txt	Patch Vendor Advisory
http://www.iss.net/security_center/static/11434.php	Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
http://www.redhat.com/support/errata/RHSA-2003-032.html
http://www.redhat.com/support/errata/RHSA-2003-085.html
http://www.redhat.com/support/errata/RHSA-2003-214.html
http://www.securityfocus.com/bid/6974	Patch Vendor Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
http://marc.info/?l=bugtraq&m=104637420104189&w=2
http://marc.info/?l=bugtraq&m=104678787109030&w=2
http://www.debian.org/security/2003/dsa-255	Patch Vendor Advisory
http://www.idefense.com/advisory/02.27.03.txt	Patch Vendor Advisory
http://www.iss.net/security_center/static/11434.php	Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
http://www.redhat.com/support/errata/RHSA-2003-032.html
http://www.redhat.com/support/errata/RHSA-2003-085.html
http://www.redhat.com/support/errata/RHSA-2003-214.html
http://www.securityfocus.com/bid/6974	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lbl:tcpdump:3.5.2:::::::*
	cpe:2.3:a:lbl:tcpdump:3.6.2:::::::*
	cpe:2.3:a:lbl:tcpdump:3.7:::::::*
	cpe:2.3:a:lbl:tcpdump:3.7.1:::::::*

History

20 Nov 2024, 23:43

Type	Values Removed	Values Added
References	~~() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629 -~~	() http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629 -
References	~~() http://marc.info/?l=bugtraq&m=104637420104189&w=2 -~~	() http://marc.info/?l=bugtraq&m=104637420104189&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=104678787109030&w=2 -~~	() http://marc.info/?l=bugtraq&m=104678787109030&w=2 -
References	~~() http://www.debian.org/security/2003/dsa-255 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2003/dsa-255 - Patch, Vendor Advisory
References	~~() http://www.idefense.com/advisory/02.27.03.txt - Patch, Vendor Advisory~~	() http://www.idefense.com/advisory/02.27.03.txt - Patch, Vendor Advisory
References	~~() http://www.iss.net/security_center/static/11434.php - Vendor Advisory~~	() http://www.iss.net/security_center/static/11434.php - Vendor Advisory
References	~~() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027 -~~	() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027 -
References	~~() http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html -~~	() http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-032.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-032.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-085.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-085.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-214.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-214.html -
References	~~() http://www.securityfocus.com/bid/6974 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/6974 - Patch, Vendor Advisory

Information

Published : 2003-03-07 05:00

Updated : 2024-11-20 23:43

NVD link : CVE-2003-0108

Mitre link : CVE-2003-0108

CVE.ORG link : CVE-2003-0108

JSON object : View

Products Affected

lbl

tcpdump

CWE

NVD-CWE-Other

5.0 /10