cvelistv5 - cve-2005-1278

CVE-2005-1278 (GCVE-0-2005-1278)

Vulnerability from cvelistv5

Published

2005-04-26 04:00

Modified

2024-08-07 21:44

Severity ?

CWE

Summary

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.

References

URL

Tags

	http://www.securityfocus.com/bid/13392	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/15125	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2005-421.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/396932	mailing-list, x_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2005-417.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/430292/100/0/threaded	vendor-advisory, x_refsource_FEDORA
	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt	vendor-advisory, x_refsource_SCO
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10159	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/18146	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "13392",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13392"
          },
          {
            "name": "15125",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15125"
          },
          {
            "name": "RHSA-2005:421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-421.html"
          },
          {
            "name": "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/396932"
          },
          {
            "name": "RHSA-2005:417",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-417.html"
          },
          {
            "name": "FLSA:156139",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
          },
          {
            "name": "SCOSA-2005.60",
            "tags": [
              "vendor-advisory",
              "x_refsource_SCO",
              "x_transferred"
            ],
            "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
          },
          {
            "name": "oval:org.mitre.oval:def:10159",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10159"
          },
          {
            "name": "18146",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18146"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "13392",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13392"
        },
        {
          "name": "15125",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15125"
        },
        {
          "name": "RHSA-2005:421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-421.html"
        },
        {
          "name": "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/396932"
        },
        {
          "name": "RHSA-2005:417",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-417.html"
        },
        {
          "name": "FLSA:156139",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
        },
        {
          "name": "SCOSA-2005.60",
          "tags": [
            "vendor-advisory",
            "x_refsource_SCO"
          ],
          "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
        },
        {
          "name": "oval:org.mitre.oval:def:10159",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10159"
        },
        {
          "name": "18146",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18146"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-1278",
    "datePublished": "2005-04-26T04:00:00.000Z",
    "dateReserved": "2005-04-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T21:44:05.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2005-AVI-033

Vulnerability from certfr_avis

Un utilisateur distant mal intentionné peut provoquer l'arrêt du service DNS (et par ricochet de tout service utilisant la résolution de nom), en abusant d'une faille concernant soit les versions 8.4.4 et 8.4.5, soit la version 9.3.0.

Description

Versions 8.4.4 et 8.4.5 (CAN-2005-0033) :

les interrogations déjà réalisées sont stockées dans un tableau dont les limites mémoire sont mal gérées et peuvent donc provoquer un déni de service par débordement.
Version 9.3.0 (CAN-2005-0034) :

Un test de validation DNSSEC est basé sur un postulat incorrect et peut donc interrompre le service lors d'une requête légitime d'après la norme.

Contournement provisoire

Versions 8.4.4 et 8.4.5 :

Désactiver l'interrogation récursive («recursion»), s'il ne s'agit pas d'un serveur cache, ainsi que la récupération des enregistrements annexes («glue fetching» : récupération de l'adresse IP en sus lors d'une interrogation NS, par exemple).
Version 9.3.0 :

Désactiver DNSSEC ou simplement la validation DNSSEC dans les options.

Solution

Mettre à jour les sources en version 8.4.6 ou 9.3.1beta2 au moins.

Impacted products

	Vendor	Product	Description
	ISC	BIND	Tout système offrant un service DNS par l'intermédiaire de <SPAN class="textit">BIND</SPAN> en versions 8.4.4, 8.4.5 et 9.3.0.

References

Title

Publication Time

Tags

Bulletin de sécurité 20050125-00060 du NISCC sur BIND 9	2005-01-25	vendor-advisory
Bulletin de sécurité 20050125-00059 du NISCC sur BIND 8	2005-01-25	vendor-advisory
Mise à jour de sécurité des paquetages NetBSD bind8 et bind9 :	-	other
Bulletin de sécurité Mandrake MDKSA-2005:023 du 26 janvier 2005 :	-	other
Site Internet d'ISC BIND :	-	other
Mise à jour de sécurité des paquetages NetBSD bind8 et bind9 :	-	other
Note de vulnérabilité #938617 de l'US-CERT sur BIND 9 :	-	other
Note de vulnérabilité #327633 de l'US-CERT sur BIND 8 :	-	other
Bulletin de sécurité FreeBSD FreeBSD-SA-05:12 du 09 juin 2005 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tout syst\u00e8me offrant un service DNS par  l\u0027interm\u00e9diaire de \u003cSPAN class=\"textit\"\u003eBIND\u003c/SPAN\u003e en versions  8.4.4, 8.4.5 et 9.3.0.",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\n-   Versions 8.4.4 et 8.4.5 (CAN-2005-0033) :\n\n    les interrogations d\u00e9j\u00e0 r\u00e9alis\u00e9es sont stock\u00e9es dans un tableau dont\n    les limites m\u00e9moire sont mal g\u00e9r\u00e9es et peuvent donc provoquer un\n    d\u00e9ni de service par d\u00e9bordement.\n\n-   Version 9.3.0 (CAN-2005-0034) :\n\n    Un test de validation DNSSEC est bas\u00e9 sur un postulat incorrect et\n    peut donc interrompre le service lors d\u0027une requ\u00eate l\u00e9gitime d\u0027apr\u00e8s\n    la norme.\n\n## Contournement provisoire\n\n-   Versions 8.4.4 et 8.4.5 :\n\n    D\u00e9sactiver l\u0027interrogation r\u00e9cursive (\u00abrecursion\u00bb), s\u0027il ne s\u0027agit\n    pas d\u0027un serveur cache, ainsi que la r\u00e9cup\u00e9ration des\n    enregistrements annexes (\u00abglue fetching\u00bb : r\u00e9cup\u00e9ration de l\u0027adresse\n    IP en sus lors d\u0027une interrogation NS, par exemple).\n\n-   Version 9.3.0 :\n\n    D\u00e9sactiver DNSSEC ou simplement la validation DNSSEC dans les\n    options.\n\n## Solution\n\nMettre \u00e0 jour les sources en version 8.4.6 ou 9.3.1beta2 au moins.\n",
  "cves": [
    {
      "name": "CVE-2005-1278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-1278"
    },
    {
      "name": "CVE-2005-0034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-0034"
    }
  ],
  "initial_release_date": "2005-01-27T00:00:00",
  "last_revision_date": "2005-06-10T00:00:00",
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 des paquetages NetBSD bind8 et    bind9 :",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/bind8/README.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2005:023 du 26 janvier    2005 :",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:023"
    },
    {
      "title": "Site Internet d\u0027ISC BIND :",
      "url": "http://www.isc.org"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 des paquetages NetBSD bind8 et    bind9 :",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/bind9/README.html"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 #938617 de l\u0027US-CERT sur      BIND 9 :",
      "url": "http://www.kb.cert.org/vuls/id/938617"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 #327633 de l\u0027US-CERT sur      BIND 8 :",
      "url": "http://www.kb.cert.org/vuls/id/327633"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-05:12 du 09 juin    2005 :",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc"
    }
  ],
  "reference": "CERTA-2005-AVI-033",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-27T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandrake et NetBSD.",
      "revision_date": "2005-01-31T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2005-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un utilisateur distant mal intentionn\u00e9 peut provoquer l\u0027arr\u00eat du service\nDNS (et par ricochet de tout service utilisant la r\u00e9solution de nom), en\nabusant d\u0027une faille concernant soit les versions 8.4.4 et 8.4.5, soit\nla version 9.3.0.\n",
  "title": "Vuln\u00e9rabilit\u00e9 des serveurs DNS BIND",
  "vendor_advisories": [
    {
      "published_at": "2005-01-25",
      "title": "Bulletin de s\u00e9curit\u00e9 20050125-00060 du NISCC sur BIND 9",
      "url": "http://www.niscc.gov.uk/niscc/docs/al-20050125-00060.html"
    },
    {
      "published_at": "2005-01-25",
      "title": "Bulletin de s\u00e9curit\u00e9 20050125-00059 du NISCC sur BIND 8",
      "url": "http://www.niscc.gov.uk/niscc/docs/al-20050125-00059.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-1278 (GCVE-0-2005-1278)

Vulnerability from cvelistv5

CERTA-2005-AVI-033

Vulnerability from certfr_avis

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature