CVE-2004-0184: Integer Underflow
Integer underflow in the isakmp_id_print function for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
Remediation
Patch Available
Frequently Asked Questions
What is the severity of CVE-2004-0184?
CVE-2004-0184 is classified as a denial of service vulnerability.
How do I fix CVE-2004-0184?
The best way to fix CVE-2004-0184 is to upgrade to a version of TCPDUMP later than 3.8.1.
What systems are affected by CVE-2004-0184?
CVE-2004-0184 affects TCPDUMP versions 3.8.1 and earlier.
What kind of attack does CVE-2004-0184 enable?
CVE-2004-0184 enables remote attackers to cause a denial of service by sending a crafted ISAKMP packet.
What is the cause of the vulnerability in CVE-2004-0184?
The cause of CVE-2004-0184 is an integer underflow during byte order conversion in the isakmp_id_print function.
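The length handling described above, modelled as an added example (this is not tcpdump's source code): an unchecked subtraction of the 8-byte fixed Identification header from the converted length, beside a checked form. The function names, the `caplen` parameter and the sample buffers are assumptions constructed for illustration; neither function reads the identification data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed part of an ISAKMP Identification payload:
 * generic header (4) + ID type (1) + protocol ID (1) + port (2). */
#define ID_HDR_LEN 8u

/* Constructed samples: bytes 2..3 hold the payload length in network order. */
static const uint8_t sample_short[8] = {0x00, 0x00, 0x00, 0x04, 0x01, 0x11, 0x01, 0xF4};
static const uint8_t sample_ok[12]   = {0x00, 0x00, 0x00, 0x0C, 0x01, 0x11, 0x01, 0xF4,
                                        0xC0, 0x00, 0x02, 0x01};

/* Convert the 16-bit length field from network byte order. */
static uint16_t payload_len(const uint8_t *p) {
    return (uint16_t)((p[2] << 8) | p[3]);
}

/* Unchecked form (the bug class): a length below 8 wraps to a huge
 * unsigned value that a printer would then treat as the data size. */
size_t id_data_len_unchecked(const uint8_t *p) {
    return (size_t)payload_len(p) - ID_HDR_LEN;
}

/* Checked form: returns 0 and sets *out, or -1 if the payload is truncated,
 * shorter than its fixed header, or claims more bytes than were captured. */
int id_data_len_checked(const uint8_t *p, size_t caplen, size_t *out) {
    size_t len;
    if (caplen < ID_HDR_LEN) return -1;       /* header itself not captured */
    len = payload_len(p);
    if (len < ID_HDR_LEN) return -1;          /* would underflow below */
    if (len > caplen) return -1;              /* data runs past the buffer */
    *out = len - ID_HDR_LEN;
    return 0;
}

int main(void) {
    size_t n = 0;
    printf("unchecked(short) = %zu\n", id_data_len_unchecked(sample_short));
    printf("checked(short)   = %d\n",
           id_data_len_checked(sample_short, sizeof sample_short, &n));
    if (id_data_len_checked(sample_ok, sizeof sample_ok, &n) == 0)
        printf("checked(ok)      = %zu data bytes\n", n);
    return 0;
}
```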