FreeBSD Local Security Checks : FreeBSD Ports: tcpdump

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52530

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: tcpdump

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: tcpdump

CVE-2003-0989
tcpdump before 3.8.1 allows remote attackers to cause a denial of
service (infinite loop) via certain ISAKMP packets, a different
vulnerability than CVE-2004-0057.

CVE-2003-1029
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote
attackers to cause a denial of service (infinite loop and memory
consumption) via a packet with invalid data to UDP port 1701, which
causes l2tp_avp_print to use a bad length value when calling
print_octets.

CVE-2004-0057
The rawprint function in the ISAKMP decoding routines (print-isakmp.c)
for tcpdump 3.8.1 and earlier allows remote attackers to cause a
denial of service (segmentation fault) via malformed ISAKMP packets
that cause invalid 'len' or 'loc' values to be used in a loop, a
different vulnerability than CVE-2003-0989.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0989
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
BugTraq ID: 9507
http://www.securityfocus.com/bid/9507
Bugtraq: 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. (Google Search)
http://www.securityfocus.com/archive/1/350238/30/21640/threaded
Bugtraq: 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) (Google Search)
http://marc.info/?l=bugtraq&m=107577418225627&w=2
Caldera Security Advisory: CSSA-2004-008.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt
CERT/CC vulnerability note: VU#738518
http://www.kb.cert.org/vuls/id/738518
Debian Security Information: DSA-425 (Google Search)
http://www.debian.org/security/2004/dsa-425
En Garde Linux Advisory: ESA-20040119-002
http://lwn.net/Alerts/66805/
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852
http://www.redhat.com/support/errata/RHSA-2004-007.html
http://www.redhat.com/support/errata/RHSA-2004-008.html
SCO Security Bulletin: SCOSA-2004.9
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt
http://www.securitytracker.com/id?1008716
http://secunia.com/advisories/10636
http://secunia.com/advisories/10637
http://secunia.com/advisories/10639
http://secunia.com/advisories/10644
http://secunia.com/advisories/10652
http://secunia.com/advisories/10668
http://secunia.com/advisories/10718
http://secunia.com/advisories/11022
http://secunia.com/advisories/11032/
http://secunia.com/advisories/12179/
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SuSE Security Announcement: SuSE-SA:2004:002 (Google Search)
http://lwn.net/Alerts/66445/
Common Vulnerability Exposure (CVE) ID: CVE-2003-1029
Bugtraq: 20031220 Remote crash in tcpdump from OpenBSD (Google Search)
http://marc.info/?l=bugtraq&m=107193841728533&w=2
Bugtraq: 20031221 Re: Remote crash in tcpdump from OpenBSD (Google Search)
http://marc.info/?l=bugtraq&m=107213553214985&w=2
http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2
http://www.securitytracker.com/id?1008748
Common Vulnerability Exposure (CVE) ID: CVE-2004-0057
BugTraq ID: 9423
http://www.securityfocus.com/bid/9423
CERT/CC vulnerability note: VU#174086
http://www.kb.cert.org/vuls/id/174086
http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854
XForce ISS Database: tcpdump-rawprint-isakmp-dos(14837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/14837

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52530
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: tcpdump
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: tcpdump CVE-2003-0989 tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. CVE-2003-1029 The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. CVE-2004-0057 The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid 'len' or 'loc' values to be used in a loop, a different vulnerability than CVE-2003-0989. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0989 http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html BugTraq ID: 9507 http://www.securityfocus.com/bid/9507 Bugtraq: 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. (Google Search) http://www.securityfocus.com/archive/1/350238/30/21640/threaded Bugtraq: 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) (Google Search) http://marc.info/?l=bugtraq&m=107577418225627&w=2 Caldera Security Advisory: CSSA-2004-008.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt CERT/CC vulnerability note: VU#738518 http://www.kb.cert.org/vuls/id/738518 Debian Security Information: DSA-425 (Google Search) http://www.debian.org/security/2004/dsa-425 En Garde Linux Advisory: ESA-20040119-002 http://lwn.net/Alerts/66805/ http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:008 http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852 http://www.redhat.com/support/errata/RHSA-2004-007.html http://www.redhat.com/support/errata/RHSA-2004-008.html SCO Security Bulletin: SCOSA-2004.9 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt http://www.securitytracker.com/id?1008716 http://secunia.com/advisories/10636 http://secunia.com/advisories/10637 http://secunia.com/advisories/10639 http://secunia.com/advisories/10644 http://secunia.com/advisories/10652 http://secunia.com/advisories/10668 http://secunia.com/advisories/10718 http://secunia.com/advisories/11022 http://secunia.com/advisories/11032/ http://secunia.com/advisories/12179/ SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2004:002 (Google Search) http://lwn.net/Alerts/66445/ Common Vulnerability Exposure (CVE) ID: CVE-2003-1029 Bugtraq: 20031220 Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107193841728533&w=2 Bugtraq: 20031221 Re: Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107213553214985&w=2 http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2 http://www.securitytracker.com/id?1008748 Common Vulnerability Exposure (CVE) ID: CVE-2004-0057 BugTraq ID: 9423 http://www.securityfocus.com/bid/9423 CERT/CC vulnerability note: VU#174086 http://www.kb.cert.org/vuls/id/174086 http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854 XForce ISS Database: tcpdump-rawprint-isakmp-dos(14837) https://exchange.xforce.ibmcloud.com/vulnerabilities/14837
Copyright	Copyright (C) 2008 E-Soft Inc.