ID

VAR-200311-0077


CVE

CVE-2003-0804


TITLE

BSD Kernel ARP Buffer flooded remote denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200311-088

DESCRIPTION

The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. A vulnerability has been discovered in the BSD kernel. The problem occurs in the storage of ARP cache entries when handling ARP requests. As a result of this issue, an attacker capable of transmitting a large volume of spoofed ARP requests to a target system may be able to trigger a system panic. This would effectively deny service to other legitimate users until the system is manually rebooted. The issue is reported to exist in FreeBSD, IRIX and Mac OS X. Other systems that use a BSD-derived kernel may also be prone to the issue. Address Resolution Protocol (ARP) is a protocol for mapping IP addresses to MAC addresses. Through forged ARP requests, remote attackers can carry out denial of service attacks on the system, causing the system to crash. Under some conditions, an attacker can perform a flood attack through forged ARP requests, which can cause resource exhaustion. Because the arplookup() function does not delete unnecessary ARP buffer entries, it consumes a large amount of resources and crashes the system, resulting in denial of service. The attacker must be on the local network segment to hang or crash the target machine; in a network that uses proxy ARP, machines in the network segment can also be attacked.

Trust: 1.26

sources: NVD: CVE-2003-0804 // BID: 8689 // VULHUB: VHN-7629

AFFECTED PRODUCTS

vendor: freebsd // model: freebsd // scope: eq // version: 5.1

Trust: 1.9

vendor: freebsd // model: freebsd // scope: eq // version: 5.0

Trust: 1.9

vendor: freebsd // model: freebsd // scope: eq // version: 4.8

Trust: 1.9

vendor: freebsd // model: freebsd // scope: eq // version: 4.9

Trust: 1.6

vendor: openbsd // model: openbsd // scope: eq // version: 3.4

Trust: 1.3

vendor: openbsd // model: openbsd // scope: eq // version: 3.3

Trust: 1.3

vendor: openbsd // model: openbsd // scope: eq // version: 3.2

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.7

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.6.2

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.6

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.5

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.4

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.3

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.2

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.1.1

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.1

Trust: 1.3

vendor: freebsd // model: freebsd // scope: eq // version: 4.0

Trust: 1.3

vendor: apple // model: mac os x // scope: eq // version: 10.2.6

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.5

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.2

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.5

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.6

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.7

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.2

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.7

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.1

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.1

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.4

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.4

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.2.3

Trust: 1.0

vendor: apple // model: mac os x server // scope: eq // version: 10.2.3

Trust: 1.0

vendor: sgi // model: irix m // scope: eq // version: 6.5.22

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.22

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.21

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.21

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.21

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.20

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.20

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.20

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.19

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.19

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.19

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.18

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.18

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.18

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.17

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.17

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.17

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.16

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.16

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.16

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.15

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.15

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.15

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.14

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.14

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.14

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.13

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.13

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.13

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.12

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.12

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.12

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.11

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.11

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.11

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.10

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.10

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.10

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.9

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.9

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.9

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.8

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.8

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.8

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.7

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.7

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.7

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.6

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.6

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.6

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.5

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.5

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.5

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.4

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.4

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.4

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.3

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.3

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.3

Trust: 0.3

vendor: sgi // model: irix m // scope: eq // version: 6.5.2

Trust: 0.3

vendor: sgi // model: irix f // scope: eq // version: 6.5.2

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.2

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5.1

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.520

Trust: 0.3

vendor: sgi // model: irix .19m // scope: eq // version: 6.5

Trust: 0.3

vendor: sgi // model: irix .19f // scope: eq // version: 6.5

Trust: 0.3

vendor: sgi // model: irix // scope: eq // version: 6.5

Trust: 0.3

vendor: freebsd // model: -prerelease // scope: eq // version: 4.9

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.7

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.7

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2

Trust: 0.3

vendor: sgi // model: irix // scope: ne // version: 6.5.23

Trust: 0.3

vendor: apple // model: mac os server // scope: ne // version: x10.2.8

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.2.8

Trust: 0.3

sources: BID: 8689 // CNNVD: CNNVD-200311-088 // NVD: CVE-2003-0804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0804
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200311-088
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7629
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0804
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7629
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7629 // CNNVD: CNNVD-200311-088 // NVD: CVE-2003-0804

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0804

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200311-088

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200311-088

EXTERNAL IDS

db: NVD // id: CVE-2003-0804

Trust: 2.0

db: CNNVD // id: CNNVD-200311-088

Trust: 0.7

db: FREEBSD // id: FREEBSD-SA-03:14

Trust: 0.6

db: SGI // id: 20040502-01-P

Trust: 0.6

db: BID // id: 8689

Trust: 0.4

db: VULHUB // id: VHN-7629

Trust: 0.1

sources: VULHUB: VHN-7629 // BID: 8689 // CNNVD: CNNVD-200311-088 // NVD: CVE-2003-0804

REFERENCES

url:http://docs.info.apple.com/article.html?artnum=61798

Trust: 1.7

url:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd-sa-03:14.arp.asc

Trust: 1.7

url:ftp://patches.sgi.com/support/free/security/advisories/20040502-01-p.asc

Trust: 1.7

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www.apple.com/swupdates/

Trust: 0.3

sources: VULHUB: VHN-7629 // BID: 8689 // CNNVD: CNNVD-200311-088 // NVD: CVE-2003-0804

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200311-088

SOURCES

db: VULHUB // id: VHN-7629
db: BID // id: 8689
db: CNNVD // id: CNNVD-200311-088
db: NVD // id: CVE-2003-0804

LAST UPDATE DATE

2024-08-14T14:08:59.704000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-7629 // date: 2008-09-10T00:00:00
db: BID // id: 8689 // date: 2009-07-11T23:56:00
db: CNNVD // id: CNNVD-200311-088 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2003-0804 // date: 2008-09-10T19:20:30.570

SOURCES RELEASE DATE

db: VULHUB // id: VHN-7629 // date: 2003-11-17T00:00:00
db: BID // id: 8689 // date: 2003-09-22T00:00:00
db: CNNVD // id: CNNVD-200311-088 // date: 2003-09-22T00:00:00
db: NVD // id: CVE-2003-0804 // date: 2003-11-17T05:00:00