Test Kennung:	1.3.6.1.4.1.25623.1.0.52483
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: tcpdump
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: tcpdump, racoon CVE-2004-0183 TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVE-2004-0184 Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0183 BugTraq ID: 10003 http://www.securityfocus.com/bid/10003 Bugtraq: 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108067265931525&w=2 CERT/CC vulnerability note: VU#240790 http://www.kb.cert.org/vuls/id/240790 Debian Security Information: DSA-478 (Google Search) http://www.debian.org/security/2004/dsa-478 https://bugzilla.fedora.us/show_bug.cgi?id=1468 http://www.rapid7.com/advisories/R7-0017.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9971 http://www.redhat.com/support/errata/RHSA-2004-219.html http://securitytracker.com/id?1009593 http://secunia.com/advisories/11258 http://secunia.com/advisories/11320 http://www.trustix.org/errata/2004/0015 XForce ISS Database: tcpdump-isakmp-delete-bo(15680) https://exchange.xforce.ibmcloud.com/vulnerabilities/15680 Common Vulnerability Exposure (CVE) ID: CVE-2004-0184 BugTraq ID: 10004 http://www.securityfocus.com/bid/10004 CERT/CC vulnerability note: VU#492558 http://www.kb.cert.org/vuls/id/492558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9581 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A976 XForce ISS Database: tcpdump-isakmp-integer-underflow(15679) https://exchange.xforce.ibmcloud.com/vulnerabilities/15679
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.