Vulnerabilities > CVE-2002-1350 - Unspecified vulnerability in LBL Tcpdump
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-206.NASL description The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 15043 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15043 title Debian DSA-206-1 : tcpdump - denial of service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-206. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15043); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2002-1350"); script_bugtraq_id(6213); script_xref(name:"DSA", value:"206"); script_name(english:"Debian DSA-206-1 : tcpdump - denial of service"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-206" ); script_set_attribute( attribute:"solution", value:"This has been fixed in version 3.6.2-2.2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tcpdump"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2002/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"tcpdump", reference:"3.6.2-2.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-027.NASL description A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets. last seen 2020-06-01 modified 2020-06-02 plugin id 14011 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14011 title Mandrake Linux Security Advisory : tcpdump (MDKSA-2003:027) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:027. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14011); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-1350", "CVE-2003-0093", "CVE-2003-0108", "CVE-2003-0145"); script_xref(name:"MDKSA", value:"2003:027"); script_name(english:"Mandrake Linux Security Advisory : tcpdump (MDKSA-2003:027)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets." ); script_set_attribute( attribute:"solution", value: "Update the affected libpcap0, libpcap0-devel and / or tcpdump packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpcap0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tcpdump"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/03/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpcap0-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"libpcap0-devel-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"tcpdump-3.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpcap0-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"libpcap0-devel-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"tcpdump-3.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpcap0-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpcap0-devel-0.7.2-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"tcpdump-3.7.2-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-033.NASL description Updated tcpdump, libpcap, and arpwatch packages are available to fix an incorrect bounds check when decoding BGP packets and a possible denial of service. Tcpdump is a command-line tool for monitoring network traffic. The BGP decoding routines in tcpdump before version 3.6.2 used incorrect bounds checking when copying data, which allows remote attackers to cause a denial of service and possibly execute arbitrary code (as the last seen 2020-06-01 modified 2020-06-02 plugin id 12358 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12358 title RHEL 2.1 : tcpdump (RHSA-2003:033) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:033. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12358); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2002-1350", "CVE-2003-0093"); script_xref(name:"RHSA", value:"2003:033"); script_name(english:"RHEL 2.1 : tcpdump (RHSA-2003:033)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tcpdump, libpcap, and arpwatch packages are available to fix an incorrect bounds check when decoding BGP packets and a possible denial of service. Tcpdump is a command-line tool for monitoring network traffic. The BGP decoding routines in tcpdump before version 3.6.2 used incorrect bounds checking when copying data, which allows remote attackers to cause a denial of service and possibly execute arbitrary code (as the 'pcap' user). If a UDP packet from a radius port contains 0 at the second byte tcpdump gets stuck in a loop that generating an infinite stream of '#0#0#0#0#0'. This could be used as a denial of service. Users of tcpdump are advised to upgrade to these errata packages which contain patches to correct thes issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2002-1350" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0093" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:033" ); script_set_attribute( attribute:"solution", value:"Update the affected arpwatch, libpcap and / or tcpdump packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arpwatch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpcap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tcpdump"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/12/23"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:033"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arpwatch-2.1a11-12.2.1AS.1")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libpcap-0.6.2-12.2.1AS.1")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tcpdump-3.6.2-12.2.1AS.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arpwatch / libpcap / tcpdump"); } }
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-050.0.txt
- http://marc.info/?l=bugtraq&m=104032975103398&w=2
- http://www.debian.org/security/2002/dsa-206
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
- http://www.redhat.com/support/errata/RHSA-2003-032.html
- http://www.redhat.com/support/errata/RHSA-2003-033.html
- http://www.redhat.com/support/errata/RHSA-2003-214.html
- http://www.securityfocus.com/bid/6213
- http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10695