CVE-2016-6160 - Resource Management Errors vulnerability in Broadcom Tcpreplay
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-904ED1D231.NASL
- description: Security fix for CVE-2016-6160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-07-19
- plugin id: 92390
- published: 2016-07-19
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/92390
- title: Fedora 24 : tcpreplay (2016-904ed1d231)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-904ed1d231.
#

include("compat.inc");

if (description)
{
  script_id(92390);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-6160");
  script_xref(name:"FEDORA", value:"2016-904ed1d231");

  script_name(english:"Fedora 24 : tcpreplay (2016-904ed1d231)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fix for CVE-2016-6160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-904ed1d231"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected tcpreplay package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tcpreplay");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC24", reference:"tcpreplay-4.1.1-2.fc24")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tcpreplay");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-72DAE8EA7E.NASL
- description: Security fix for CVE-2016-6160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-07-19
- plugin id: 92387
- published: 2016-07-19
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/92387
- title: Fedora 23 : tcpreplay (2016-72dae8ea7e)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-544.NASL
- description: The tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and such frames occur when capturing packets on interfaces with an MTU of or close to 65536. For example, the loopback interface lo of the Linux kernel has such a value. For Debian 7
- last seen: 2020-03-17
- modified: 2016-07-08
- plugin id: 91977
- published: 2016-07-08
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/91977
- title: Debian DLA-544-1 : tcpreplay security update

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-1408.NASL
- description: This update for tcpreplay to version 4.1.2 fixes the following issues : - CVE-2016-6160: Increase max packet size to 65549 to prevent segmentation faults (boo#987846)
- last seen: 2020-06-05
- modified: 2016-12-07
- plugin id: 95591
- published: 2016-12-07
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/95591
- title: openSUSE Security Update : tcpreplay (openSUSE-2016-1408)

References
- http://www.openwall.com/lists/oss-security/2016/07/05/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350
- https://github.com/appneta/tcpreplay/issues/251