Vulnerability Note VU#955526
tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Overview
tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service (RADIUS) packets.
Description
tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump print_attr_string() function (in print-radius.c) parses RADIUS attributes containing overly long length values. For more information, please see RHSA-2004-007. |
Impact
A remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the tcpdump process. |
Solution
Upgrade or Apply Patch Upgrade or apply a patch as specified by your vendor. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 16 Jan 2004 | 21 Jan 2004 |
| Guardian Digital Inc. | Affected | 16 Jan 2004 | 21 Jan 2004 |
| OpenPKG | Affected | - | 21 Jan 2004 |
| Red Hat Inc. | Affected | 16 Jan 2004 | 21 Jan 2004 |
| SuSE Inc. | Affected | 16 Jan 2004 | 21 Jan 2004 |
| tcpdump.org | Affected | - | 21 Jan 2004 |
| Trusix | Affected | - | 21 Jan 2004 |
| TurboLinux | Affected | 16 Jan 2004 | 22 Jan 2004 |
| Hitachi | Not Affected | 16 Jan 2004 | 22 Jan 2004 |
| Openwall GNU/*/Linux | Not Affected | 16 Jan 2004 | 21 Jan 2004 |
| Apple Computer Inc. | Unknown | - | 21 Jan 2004 |
| Conectiva | Unknown | 16 Jan 2004 | 21 Jan 2004 |
| Cray Inc. | Unknown | - | 21 Jan 2004 |
| EMC Corporation | Unknown | 16 Jan 2004 | 21 Jan 2004 |
| FreeBSD | Unknown | 16 Jan 2004 | 21 Jan 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://marc.theaimsgroup.com/?l=tcpdump-workers&m=107325073018070&w=2
- http://rhn.redhat.com/errata/RHSA-2004-007.html
- http://www.secunia.com/advisories/10636/
- http://www.freeradius.org/rfc/attributes.html
- http://www.tcpdump.org/
- http://www.securityfocus.com/bid/7090
- http://xforce.iss.net/xforce/xfdb/14836
Credit
This vulnerability was originally reported by Red Hat, Inc. Red Hat, in turn, credits Jonathan Heusser for discovering this vulnerability.
This document was written by Damon Morda.
Other Information
- CVE IDs: CAN-2004-0055
- Date Public: 14 Jan 2004
- Date First Published: 16 Jan 2004
- Date Last Updated: 19 Mar 2004
- Severity Metric: 2.95
- Document Revision: 17
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.