SecurityTracker.com
Category:   Application (Generic)  >   Tcpdump
Vendors:   Tcpdump.org
(SCO Issues Fix for UnixWare) tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process
SecurityTracker Alert ID:  1010806
SecurityTracker URL:  http://securitytracker.com/id/1010806
CVE Reference:   CVE-2004-0055
Date:  Jul 29 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.8.1
Description:   A vulnerability was reported in tcpdump in the processing of RADIUS packets. A remote user can cause the target tcpdump process to crash.

Jonathan Heusser reported that there is a flaw in 'print-radius.c' in the print_attr_string() function, where the 'length' and 'data' parameters are not properly validated. The report also indicates that there is a flaw in the radius_attr_print() function, where an upper limit for the 'rad_attr->len' is not defined.

A remote user can send a specially crafted RADIUS packet to cause the target process to crash.
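
The missing checks described above, shown as an added example (not tcpdump's source and not part of the advisory): a C attribute walker that bounds every RADIUS attribute length against the bytes actually present before any value is read. The function name, return convention and sample packets are assumptions made for this example; the 20-byte header and type/length/value attribute layout follow RFC 2865.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN  20 /* code, id, 2-byte length, 16-byte authenticator */
#define RADIUS_ATTR_HDR 2  /* type octet + length octet */

/* Hypothetical helper: walk the attribute list of one RADIUS packet.
 * pkt/caplen describe the bytes actually captured. Returns the number of
 * well-formed attributes, or -1 if any length field points outside the data. */
int radius_walk_attrs(const uint8_t *pkt, size_t caplen)
{
    if (pkt == NULL || caplen < RADIUS_HDR_LEN)
        return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > caplen)
        return -1; /* packet length must cover the header and fit the capture */

    size_t off = RADIUS_HDR_LEN;
    int count = 0;
    while (off < declared) {
        size_t remaining = declared - off;
        if (remaining < RADIUS_ATTR_HDR)
            return -1; /* truncated attribute header */
        size_t alen = pkt[off + 1]; /* includes the two header octets */
        if (alen < RADIUS_ATTR_HDR || alen > remaining)
            return -1; /* value length would underflow, or overrun the packet */
        /* Only now is it safe to read pkt[off + 2] .. pkt[off + alen - 1]. */
        off += alen;
        count++;
    }
    return count;
}

/* Constructed samples (not captured traffic): zeroed authenticator, one attribute. */
static const uint8_t sample_ok[26] = { 1, 1, 0, 26, [20] = 1, 6, 'u', 's', 'e', 'r' };
static const uint8_t sample_short_len[22] = { 1, 1, 0, 22, [20] = 1, 1 };
static const uint8_t sample_overrun[24] = { 1, 1, 0, 24, [20] = 1, 200, 'a', 'b' };

int main(void)
{
    printf("ok=%d short_len=%d overrun=%d\n",
           radius_walk_attrs(sample_ok, sizeof sample_ok),
           radius_walk_attrs(sample_short_len, sizeof sample_short_len),
           radius_walk_attrs(sample_overrun, sizeof sample_overrun));
    return 0;
}
```
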

Impact:   A remote user can crash the tcpdump process.
Solution:   SCO has issued a fix for UnixWare 7.1.3, available at:

ftp://ftp.sco.com/pub/unixware7/713/uw713up/

4e9ca2c8b0ea102ceb56a7061fd2a8e1 uw713up4CDimage.iso
0ba3e06b8b9b2a1c77b9c9f90740f0db uw713up4scoxCDimage.iso
ecc8c95d093352fbdb353fefa2a7f01d uw714CD3image.iso
1273f2719d5629e30c90f6ac890d8be2 uw714udkCDimage.iso
c7a7d80de62ca1ef05dd0531f31c773b scox-wss.iso

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools

Vendor URL:  www.tcpdump.org/
Cause:   Boundary error, Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1.3up

Message History:   This archive entry is a follow-up to the message listed below.
Jan 16 2004 tcpdump RADIUS print_attr_string() Parameter Overflow Lets Remote Users Crash the Process



 Source Message Contents

Subject:  UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
Advisory number: 	SCOSA-2004.9
Issue date: 		2004 July 28
Cross reference:	sr889195 fz528784 erg712544 
			CAN-2004-0055 CAN-2004-0057 CAN-2003-0989
			CERT Vulnerability Note VU#955526
			CERT Vulnerability Note VU#174086
			CERT Vulnerability Note VU#738518
______________________________________________________________________________


1. Problem Description

	tcpdump is a widely-used network sniffer. 

	The issues with tcpdump are present only on UnixWare 7.1.3up and 
	not on previous versions of UnixWare 7.1.3 or earlier including
	Open Unix 8.0.0, because the version of tcpdump in UnixWare 7.1.3
	and before is 3.4a5 and it doesn't contain these issues.

	Remote attackers could potentially exploit these
	vulnerabilities by sending carefully-crafted network packets
	to a victim. If the victim is running tcpdump, these packets
	could result in a denial of service, or possibly execute
	arbitrary code.

	Jonathan Heusser discovered a flaw in the print_attr_string 
	function in the RADIUS decoding routines for tcpdump 3.8.1 
	and earlier. The CERT Coordination Center has assigned the 
	following Vulnerability Note VU#955526. The Common
	Vulnerabilities and Exposures project (cve.mitre.org) has 
	assigned the following name CAN-2004-0055 to this issue. 

	Jonathan Heusser discovered an additional flaw in the ISAKMP 
	decoding routines for tcpdump 3.8.1 and earlier. The CERT 
	Coordination Center has assigned the following Vulnerability 
	Note VU#174086.  The Common Vulnerabilities and Exposures 
	project (cve.mitre.org) has assigned the following name 
	CAN-2004-0057 to this issue.

	George Bakos discovered flaws in the ISAKMP decoding routines
	of tcpdump versions prior to 3.8.1. The CERT Coordination
	Center has assigned the following Vulnerability Note
	VU#738518. The Common Vulnerabilities and Exposures project
	(cve.mitre.org) has assigned the following name CAN-2003-0989
	to this issue. 

2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3up		/usr/sbin/tcpdump	

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3up

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/unixware7/713/uw713up/

	4.2 Verification

	4e9ca2c8b0ea102ceb56a7061fd2a8e1  uw713up4CDimage.iso
	0ba3e06b8b9b2a1c77b9c9f90740f0db  uw713up4scoxCDimage.iso
	ecc8c95d093352fbdb353fefa2a7f01d  uw714CD3image.iso
	1273f2719d5629e30c90f6ac890d8be2  uw714udkCDimage.iso
	c7a7d80de62ca1ef05dd0531f31c773b  scox-wss.iso

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Please refer to the release notes for installation instructions
	that are located in the same directory as the fixed binaries.

	relnotes-up4.html
	relnotes-up4.txt
	relnotes-up4.pdf

	relnotes-scox-wss.txt
	relnotes-scox-wss.html

	relnotes-udk.txt
	relnotes-udk.html

5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057
		http://www.kb.cert.org/vuls/id/174086
		http://www.kb.cert.org/vuls/id/738518
		http://www.kb.cert.org/vuls/id/955526

	SCO security resources:
		http://www.sco.com/support/security/index.html
	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr889195 fz528784
	erg712544.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this web site and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)

iD8DBQFBCBFnaqoBO7ipriERAlrEAJ0bcfYHrVxRo/6afuhyWmHpJmbx+wCgkvio
jGTwdQn9Sw5fyrf7BC/7e2g=
=2Spz
-----END PGP SIGNATURE-----

 
 



Copyright 2020, SecurityGlobal.net LLC