Test ID:	1.3.6.1.4.1.25623.1.0.50988
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2003:085
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2003:085. Tcpdump is a command-line tool for monitoring network traffic. The ISAKMP parser in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. Users of tcpdump are advised to upgrade to these errata packages which contain a patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-085.html http://www.idefense.com/advisory/02.27.03.txt Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 6974 Common Vulnerability Exposure (CVE) ID: CVE-2003-0108 http://www.securityfocus.com/bid/6974 Bugtraq: 20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin (Google Search) http://marc.info/?l=bugtraq&m=104637420104189&w=2 Bugtraq: 20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump) (Google Search) http://marc.info/?l=bugtraq&m=104678787109030&w=2 Conectiva Linux advisory: CLA-2003:629 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629 Debian Security Information: DSA-255 (Google Search) http://www.debian.org/security/2003/dsa-255 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027 http://www.idefense.com/advisory/02.27.03.txt http://www.redhat.com/support/errata/RHSA-2003-032.html http://www.redhat.com/support/errata/RHSA-2003-085.html http://www.redhat.com/support/errata/RHSA-2003-214.html SuSE Security Announcement: SuSE-SA:2003:0015 (Google Search) http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html http://www.iss.net/security_center/static/11434.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.