CVE-2004-0055 : The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier a

The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.

Published 2004-02-17 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2004-0055

LBL » Tcpdump » Version: 3.6.2
cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*
Matching versions
LBL » Tcpdump » Version: 3.5.2
cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*
Matching versions
LBL » Tcpdump » Version: 3.7
cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*
Matching versions
LBL » Tcpdump » Version: 3.7.1
cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0055

EPSS FAQ

31.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0055

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2004-0055

http://secunia.com/advisories/10718

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html

[SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html

Apple - Lists.apple.com

CVEs referencing this url
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html

[SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1

CVEs referencing this url
http://www.securityfocus.com/bid/7090

Exploit;Patch;Vendor Advisory
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt

CVEs referencing this url
http://secunia.com/advisories/10639

About Secunia Research | Flexera

CVEs referencing this url
http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2

'[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1' - MARC

CVEs referencing this url
http://secunia.com/advisories/12179/

About Secunia Research | Flexera

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc

CVEs referencing this url
http://secunia.com/advisories/10652

About Secunia Research | Flexera

CVEs referencing this url
http://marc.info/?l=bugtraq&m=107577418225627&w=2

'[FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)' - MARC

CVEs referencing this url
http://secunia.com/advisories/10644

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A850

404 Not Found
http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html

[FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2004:008

Mandriva

CVEs referencing this url
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt

CVEs referencing this url
http://www.kb.cert.org/vuls/id/955526

VU#955526 - tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Third Party Advisory;US Government Resource
http://secunia.com/advisories/10636

About Secunia Research | Flexera

CVEs referencing this url
http://lwn.net/Alerts/66445/

Trustix alert 2004-0004 (tcpdump) [LWN.net]

CVEs referencing this url
http://secunia.com/advisories/11032/

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html

[SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-7.fc1.1

CVEs referencing this url
http://www.debian.org/security/2004/dsa-425

Debian -- The Universal Operating System

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

CVEs referencing this url
http://secunia.com/advisories/11022

About Secunia Research | Flexera

CVEs referencing this url
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
http://www.securitytracker.com/id?1008735

GoDaddy Domain Name Search
http://www.redhat.com/support/errata/RHSA-2004-008.html

Support
Patch;Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A853

404 Not Found
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9989

404 Not Found

Jump to

Vulnerability Details : CVE-2004-0055

Products affected by CVE-2004-0055

Exploit prediction scoring system (EPSS) score for CVE-2004-0055

CVSS scores for CVE-2004-0055

References for CVE-2004-0055