RHSA-2004:007

Vulnerability from csaf_redhat - Published: 2004-01-14 19:43 - Updated: 2025-11-21 17:26
Summary
Red Hat Security Advisory: : : : Updated tcpdump packages fix various vulnerabilities

Notes

Topic
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. [Updated 15 Jan 2004] Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names.
Details
Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0989 to this issue. Jonathan Heusser discovered an additional flaw in the ISAKMP decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to this issue. Jonathan Heusser discovered a flaw in the print_attr_string function in the RADIUS decoding routines for tcpdump 3.8.1 and earlier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0055 to this issue. Remote attackers could potentially exploit these issues by sending carefully-crafted packets to a victim. If the victim uses tcpdump, these pakets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in\nISAKMP and RADIUS parsing. \n\n[Updated 15 Jan 2004]\nUpdated the text description to better describe the vulnerabilities found\nby Jonathan Heusser and give them CVE names.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Tcpdump is a command-line tool for monitoring network traffic. \n\nGeorge Bakos discovered flaws in the ISAKMP decoding routines of tcpdump\nversions prior to 3.8.1.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2003-0989 to this issue.\n\nJonathan Heusser discovered an additional flaw in the ISAKMP decoding\nroutines for tcpdump 3.8.1 and earlier.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0057 to\nthis issue.\n\nJonathan Heusser discovered a flaw in the print_attr_string function in the\nRADIUS decoding routines for tcpdump 3.8.1 and earlier.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0055 to this issue.\n\nRemote attackers could potentially exploit these issues by sending\ncarefully-crafted packets to a victim.  If the victim uses tcpdump, these\npakets could result in a denial of service, or possibly execute arbitrary\ncode as the \u0027pcap\u0027 user.\n\nUsers of tcpdump are advised to upgrade to these erratum packages, which\ncontain backported security patches and are not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:007",
        "url": "https://access.redhat.com/errata/RHSA-2004:007"
      },
      {
        "category": "external",
        "summary": "http://marc.theaimsgroup.com/?l=tcpdump-workrs\u0026m=107325073018070",
        "url": "http://marc.theaimsgroup.com/?l=tcpdump-workrs\u0026m=107325073018070"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: : : : Updated tcpdump packages fix various vulnerabilities",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:53+00:00",
      "generator": {
        "date": "2025-11-21T17:26:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2004:007",
      "initial_release_date": "2004-01-14T19:43:00+00:00",
      "revision_history": [
        {
          "date": "2004-01-14T19:43:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-01-07T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0989",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617118"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0989"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617118",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617118"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0989"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0989",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0989"
        }
      ],
      "release_date": "2004-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-14T19:43:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0055",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617135"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0055"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617135",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617135"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0055"
        }
      ],
      "release_date": "2004-01-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-14T19:43:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-0057",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617136"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid \"len\" or \"loc\" values to be used in a loop, a different vulnerability than CVE-2003-0989.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0057"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617136",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617136"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0057",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0057"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0057",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0057"
        }
      ],
      "release_date": "2004-01-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-14T19:43:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nPlease note that this update is available via Red Hat Network.  To use Red\nHat Network, launch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.