CVE ID:	CVE-2004-0184
Description:	Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
Test IDs:	1.3.6.1.4.1.25623.1.0.54281   1.3.6.1.4.1.25623.1.0.52483
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0184 Bugtraq: 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525&w=2 http://www.rapid7.com/advisories/R7-0017.html Debian Security Information: DSA-478 (Google Search) http://www.debian.org/security/2004/dsa-478 https://bugzilla.fedora.us/show_bug.cgi?id=1468 RedHat Security Advisories: RHSA-2004:219 http://www.redhat.com/support/errata/RHSA-2004-219.html http://www.trustix.org/errata/2004/0015 CERT/CC vulnerability note: VU#492558 http://www.kb.cert.org/vuls/id/492558 BugTraq ID: 10004 http://www.securityfocus.com/bid/10004 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:976 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9581 http://securitytracker.com/id?1009593 http://secunia.com/advisories/11258 XForce ISS Database: tcpdump-isakmp-integer-underflow(15679) http://xforce.iss.net/xforce/xfdb/15679

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: