Test Kennung:	1.3.6.1.4.1.25623.1.0.52530
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: tcpdump
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: tcpdump CVE-2003-0989 tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. CVE-2003-1029 The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. CVE-2004-0057 The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid 'len' or 'loc' values to be used in a loop, a different vulnerability than CVE-2003-0989. Solution: Update your system with the appropriate patches or software upgrades. http://www.tcpdump.org/lists/workers/2003/12/msg00083.html http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2 http://www.vuxml.org/freebsd/96ba2dae-4ab0-11d8-96f2-0020ed76ef5a.html CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0989 http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html BugTraq ID: 9507 http://www.securityfocus.com/bid/9507 Bugtraq: 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. (Google Search) http://www.securityfocus.com/archive/1/350238/30/21640/threaded Bugtraq: 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) (Google Search) http://marc.info/?l=bugtraq&m=107577418225627&w=2 Caldera Security Advisory: CSSA-2004-008.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt CERT/CC vulnerability note: VU#738518 http://www.kb.cert.org/vuls/id/738518 Debian Security Information: DSA-425 (Google Search) http://www.debian.org/security/2004/dsa-425 En Garde Linux Advisory: ESA-20040119-002 http://lwn.net/Alerts/66805/ http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:008 http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852 http://www.redhat.com/support/errata/RHSA-2004-007.html http://www.redhat.com/support/errata/RHSA-2004-008.html SCO Security Bulletin: SCOSA-2004.9 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt http://www.securitytracker.com/id?1008716 http://secunia.com/advisories/10636 http://secunia.com/advisories/10637 http://secunia.com/advisories/10639 http://secunia.com/advisories/10644 http://secunia.com/advisories/10652 http://secunia.com/advisories/10668 http://secunia.com/advisories/10718 http://secunia.com/advisories/11022 http://secunia.com/advisories/11032/ http://secunia.com/advisories/12179/ SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SuSE Security Announcement: SuSE-SA:2004:002 (Google Search) http://lwn.net/Alerts/66445/ Common Vulnerability Exposure (CVE) ID: CVE-2003-1029 Bugtraq: 20031220 Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107193841728533&w=2 Bugtraq: 20031221 Re: Remote crash in tcpdump from OpenBSD (Google Search) http://marc.info/?l=bugtraq&m=107213553214985&w=2 http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2 http://www.securitytracker.com/id?1008748 Common Vulnerability Exposure (CVE) ID: CVE-2004-0057 BugTraq ID: 9423 http://www.securityfocus.com/bid/9423 CERT/CC vulnerability note: VU#174086 http://www.kb.cert.org/vuls/id/174086 http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A851 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A854 XForce ISS Database: tcpdump-rawprint-isakmp-dos(14837) https://exchange.xforce.ibmcloud.com/vulnerabilities/14837
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.