Vulnerabilities > CVE-2017-11108 - Out-of-bounds Read vulnerability in Tcpdump 4.9.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
tcpdump
CWE-125
nessus

Summary

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.

Vulnerable Configurations

Part Description Count
Application
Tcpdump
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2017-004.NASL
    descriptionThe remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi
    last seen2020-06-01
    modified2020-06-02
    plugin id104379
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104379
    titlemacOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104379);
      script_version("1.10");
      script_cvs_date("Date: 2019/06/19 15:17:43");
    
      script_cve_id(
        "CVE-2016-0736",
        "CVE-2016-2161",
        "CVE-2016-4736",
        "CVE-2016-5387",
        "CVE-2016-8740",
        "CVE-2016-8743",
        "CVE-2017-1000100",
        "CVE-2017-1000101",
        "CVE-2017-10140",
        "CVE-2017-11103",
        "CVE-2017-11108",
        "CVE-2017-11541",
        "CVE-2017-11542",
        "CVE-2017-11543",
        "CVE-2017-12893",
        "CVE-2017-12894",
        "CVE-2017-12895",
        "CVE-2017-12896",
        "CVE-2017-12897",
        "CVE-2017-12898",
        "CVE-2017-12899",
        "CVE-2017-12900",
        "CVE-2017-12901",
        "CVE-2017-12902",
        "CVE-2017-12985",
        "CVE-2017-12986",
        "CVE-2017-12987",
        "CVE-2017-12988",
        "CVE-2017-12989",
        "CVE-2017-12990",
        "CVE-2017-12991",
        "CVE-2017-12992",
        "CVE-2017-12993",
        "CVE-2017-12994",
        "CVE-2017-12995",
        "CVE-2017-12996",
        "CVE-2017-12997",
        "CVE-2017-12998",
        "CVE-2017-12999",
        "CVE-2017-13000",
        "CVE-2017-13001",
        "CVE-2017-13002",
        "CVE-2017-13003",
        "CVE-2017-13004",
        "CVE-2017-13005",
        "CVE-2017-13006",
        "CVE-2017-13007",
        "CVE-2017-13008",
        "CVE-2017-13009",
        "CVE-2017-13010",
        "CVE-2017-13011",
        "CVE-2017-13012",
        "CVE-2017-13013",
        "CVE-2017-13014",
        "CVE-2017-13015",
        "CVE-2017-13016",
        "CVE-2017-13017",
        "CVE-2017-13018",
        "CVE-2017-13019",
        "CVE-2017-13020",
        "CVE-2017-13021",
        "CVE-2017-13022",
        "CVE-2017-13023",
        "CVE-2017-13024",
        "CVE-2017-13025",
        "CVE-2017-13026",
        "CVE-2017-13027",
        "CVE-2017-13028",
        "CVE-2017-13029",
        "CVE-2017-13030",
        "CVE-2017-13031",
        "CVE-2017-13032",
        "CVE-2017-13033",
        "CVE-2017-13034",
        "CVE-2017-13035",
        "CVE-2017-13036",
        "CVE-2017-13037",
        "CVE-2017-13038",
        "CVE-2017-13039",
        "CVE-2017-13040",
        "CVE-2017-13041",
        "CVE-2017-13042",
        "CVE-2017-13043",
        "CVE-2017-13044",
        "CVE-2017-13045",
        "CVE-2017-13046",
        "CVE-2017-13047",
        "CVE-2017-13048",
        "CVE-2017-13049",
        "CVE-2017-13050",
        "CVE-2017-13051",
        "CVE-2017-13052",
        "CVE-2017-13053",
        "CVE-2017-13054",
        "CVE-2017-13055",
        "CVE-2017-13077",
        "CVE-2017-13078",
        "CVE-2017-13080",
        "CVE-2017-13687",
        "CVE-2017-13688",
        "CVE-2017-13689",
        "CVE-2017-13690",
        "CVE-2017-13725",
        "CVE-2017-13782",
        "CVE-2017-13799",
        "CVE-2017-13801",
        "CVE-2017-13804",
        "CVE-2017-13807",
        "CVE-2017-13808",
        "CVE-2017-13809",
        "CVE-2017-13810",
        "CVE-2017-13811",
        "CVE-2017-13812",
        "CVE-2017-13813",
        "CVE-2017-13814",
        "CVE-2017-13815",
        "CVE-2017-13817",
        "CVE-2017-13818",
        "CVE-2017-13819",
        "CVE-2017-13820",
        "CVE-2017-13821",
        "CVE-2017-13822",
        "CVE-2017-13823",
        "CVE-2017-13824",
        "CVE-2017-13825",
        "CVE-2017-13828",
        "CVE-2017-13829",
        "CVE-2017-13830",
        "CVE-2017-13831",
        "CVE-2017-13833",
        "CVE-2017-13834",
        "CVE-2017-13836",
        "CVE-2017-13838",
        "CVE-2017-13840",
        "CVE-2017-13841",
        "CVE-2017-13842",
        "CVE-2017-13843",
        "CVE-2017-13846",
        "CVE-2017-13906",
        "CVE-2017-13908",
        "CVE-2017-3167",
        "CVE-2017-3169",
        "CVE-2017-5130",
        "CVE-2017-5969",
        "CVE-2017-7132",
        "CVE-2017-7150",
        "CVE-2017-7170",
        "CVE-2017-7376",
        "CVE-2017-7659",
        "CVE-2017-7668",
        "CVE-2017-7679",
        "CVE-2017-9049",
        "CVE-2017-9050",
        "CVE-2017-9788",
        "CVE-2017-9789"
      );
      script_bugtraq_id(
        100249,
        100286,
        100913,
        100914,
        101177,
        101274,
        101482,
        102100,
        91816,
        93055,
        94650,
        95076,
        95077,
        95078,
        96188,
        98568,
        98601,
        98877,
        99132,
        99134,
        99135,
        99137,
        99170,
        99551,
        99568,
        99569,
        99938,
        99939,
        99940,
        99941
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-10-31-2");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)");
      script_summary(english:"Checks for the presence of Security Update 2017-004.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS or Mac OS X security update that
    fixes multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is
    missing a security update. It is therefore, affected by multiple
    vulnerabilities affecting the following components :
    
      - 802.1X
      - apache
      - AppleScript
      - ATS
      - Audio
      - CFString
      - CoreText
      - curl
      - Dictionary Widget
      - file
      - Fonts
      - fsck_msdos
      - HFS
      - Heimdal
      - HelpViewer
      - ImageIO
      - Kernel
      - libarchive
      - Open Scripting Architecture
      - PCRE
      - Postfix
      - Quick Look
      - QuickTime
      - Remote Management
      - Sandbox
      - StreamingZip
      - tcpdump
      - Wi-Fi");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT208221");
      # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3881783e");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2017-004 or later for 10.11.x or
    Security Update 2017-001 or later for 10.12.x.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7376");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Compare 2 patch numbers to determine if patch requirements are satisfied.
    # Return true if this patch or a later patch is applied
    # Return false otherwise
    function check_patch(year, number)
    {
      local_var p_split = split(patch, sep:"-");
      local_var p_year  = int( p_split[0]);
      local_var p_num   = int( p_split[1]);
    
      if (year >  p_year) return TRUE;
      else if (year <  p_year) return FALSE;
      else if (number >=  p_num) return TRUE;
      else return FALSE;
    }
    
    get_kb_item_or_exit("Host/local_checks_enabled");
    os = get_kb_item_or_exit("Host/MacOSX/Version");
    
    if (!preg(pattern:"Mac OS X 10\.(11\.6|12\.6)([^0-9]|$)", string:os))
      audit(AUDIT_OS_NOT, "Mac OS X 10.11.6 or Mac OS X 10.12.6");
    
    if ("10.11.6" >< os)
      patch = "2017-004";
    else
      patch = "2017-001";
    
    packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1);
    sec_boms_report = pgrep(
      pattern:"^com\.apple\.pkg\.update\.(security\.|os\.SecUpd).*bom$",
      string:packages
    );
    sec_boms = split(sec_boms_report, sep:'\n');
    
    foreach package (sec_boms)
    {
      # Grab patch year and number
      match = pregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package);
      if (empty_or_null(match[1]) || empty_or_null(match[2]))
        continue;
    
      patch_found = check_patch(year:int(match[1]), number:int(match[2]));
      if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected.");
    }
    
    report =  '\n  Missing security update : ' + patch;
    report += '\n  Installed security BOMs : ';
    if (sec_boms_report) report += str_replace(find:'\n', replace:'\n                            ', string:sec_boms_report);
    else report += 'n/a';
    report += '\n';
    
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0071_TCPDUMP.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected by multiple vulnerabilities: - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). (CVE-2017-12900) - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. (CVE-2017-11108) - A vulnerability was discovered in tcpdump
    last seen2020-06-01
    modified2020-06-02
    plugin id127275
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127275
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0071. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127275);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id(
        "CVE-2017-11108",
        "CVE-2017-11541",
        "CVE-2017-11542",
        "CVE-2017-11543",
        "CVE-2017-11544",
        "CVE-2017-12893",
        "CVE-2017-12894",
        "CVE-2017-12895",
        "CVE-2017-12896",
        "CVE-2017-12897",
        "CVE-2017-12898",
        "CVE-2017-12899",
        "CVE-2017-12900",
        "CVE-2017-12901",
        "CVE-2017-12902",
        "CVE-2017-12985",
        "CVE-2017-12986",
        "CVE-2017-12987",
        "CVE-2017-12988",
        "CVE-2017-12989",
        "CVE-2017-12990",
        "CVE-2017-12991",
        "CVE-2017-12992",
        "CVE-2017-12993",
        "CVE-2017-12994",
        "CVE-2017-12995",
        "CVE-2017-12996",
        "CVE-2017-12997",
        "CVE-2017-12998",
        "CVE-2017-12999",
        "CVE-2017-13000",
        "CVE-2017-13001",
        "CVE-2017-13002",
        "CVE-2017-13003",
        "CVE-2017-13004",
        "CVE-2017-13005",
        "CVE-2017-13006",
        "CVE-2017-13007",
        "CVE-2017-13008",
        "CVE-2017-13009",
        "CVE-2017-13010",
        "CVE-2017-13011",
        "CVE-2017-13012",
        "CVE-2017-13013",
        "CVE-2017-13014",
        "CVE-2017-13015",
        "CVE-2017-13016",
        "CVE-2017-13017",
        "CVE-2017-13018",
        "CVE-2017-13019",
        "CVE-2017-13020",
        "CVE-2017-13021",
        "CVE-2017-13022",
        "CVE-2017-13023",
        "CVE-2017-13024",
        "CVE-2017-13025",
        "CVE-2017-13026",
        "CVE-2017-13027",
        "CVE-2017-13028",
        "CVE-2017-13029",
        "CVE-2017-13030",
        "CVE-2017-13031",
        "CVE-2017-13032",
        "CVE-2017-13033",
        "CVE-2017-13034",
        "CVE-2017-13035",
        "CVE-2017-13036",
        "CVE-2017-13037",
        "CVE-2017-13038",
        "CVE-2017-13039",
        "CVE-2017-13040",
        "CVE-2017-13041",
        "CVE-2017-13042",
        "CVE-2017-13043",
        "CVE-2017-13044",
        "CVE-2017-13045",
        "CVE-2017-13046",
        "CVE-2017-13047",
        "CVE-2017-13048",
        "CVE-2017-13049",
        "CVE-2017-13050",
        "CVE-2017-13051",
        "CVE-2017-13052",
        "CVE-2017-13053",
        "CVE-2017-13054",
        "CVE-2017-13055",
        "CVE-2017-13687",
        "CVE-2017-13688",
        "CVE-2017-13689",
        "CVE-2017-13690",
        "CVE-2017-13725"
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected
    by multiple vulnerabilities:
    
      - Several protocol parsers in tcpdump before 4.9.2 could
        cause a buffer over-read in util-print.c:tok2strbuf().
        (CVE-2017-12900)
    
      - tcpdump 4.9.0 allows remote attackers to cause a denial
        of service (heap-based buffer over-read and application
        crash) via crafted packet data. The crash occurs in the
        EXTRACT_16BITS function, called from the stp_print
        function for the Spanning Tree Protocol.
        (CVE-2017-11108)
    
      - A vulnerability was discovered in tcpdump's handling of
        LINKTYPE_SLIP pcap files. An attacker could craft a
        malicious pcap file that would cause tcpdump to crash
        when attempting to print a summary of packet data within
        the file. (CVE-2017-11543, CVE-2017-11544)
    
      - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isoclns.c:isoclns_print().
        (CVE-2017-12897)
    
      - The ISAKMP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isakmp.c:isakmp_rfc3948_print().
        (CVE-2017-12896)
    
      - The IPv6 fragmentation header parser in tcpdump before
        4.9.2 has a buffer over-read in print-
        frag6.c:frag6_print(). (CVE-2017-13031)
    
      - The RADIUS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-radius.c:print_attr_string().
        (CVE-2017-13032)
    
      - The IPv6 mobility parser in tcpdump before 4.9.2 has a
        buffer over-read in print-
        mobility.c:mobility_opt_print(). (CVE-2017-13023,
        CVE-2017-13024, CVE-2017-13025)
    
      - The ISO ES-IS parser in tcpdump before 4.9.2 has a
        buffer over-read in print-isoclns.c:esis_print().
        (CVE-2017-13016, CVE-2017-13047)
    
      - The LLDP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
        (CVE-2017-13027)
    
      - The White Board protocol parser in tcpdump before 4.9.2
        has a buffer over-read in print-wb.c:wb_prep(), several
        functions. (CVE-2017-13014)
    
      - The IS-IS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isoclns.c:isis_print_extd_ip_reach().
        (CVE-2017-12998)
    
      - The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a
        buffer over-read in
        print-802_15_4.c:ieee802_15_4_if_print().
        (CVE-2017-13000)
    
      - The ISO IS-IS parser in tcpdump before 4.9.2 has a
        buffer over-read in print-isoclns.c:isis_print_id().
        (CVE-2017-13035)
    
      - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-ospf6.c:ospf6_decode_v3().
        (CVE-2017-13036)
    
      - The ISO IS-IS parser in tcpdump before 4.9.2 has a
        buffer over-read in print-isoclns.c, several functions.
        (CVE-2017-13026)
    
      - The Juniper protocols parser in tcpdump before 4.9.2 has
        a buffer over-read in print-
        juniper.c:juniper_parse_header(). (CVE-2017-13004)
    
      - The PPP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-ppp.c:print_ccp_config_options().
        (CVE-2017-13029)
    
      - The IPv6 mobility parser in tcpdump before 4.9.2 has a
        buffer over-read in print-mobility.c:mobility_print().
        (CVE-2017-13009)
    
      - The Apple PKTAP parser in tcpdump before 4.9.2 has a
        buffer over-read in print-pktap.c:pktap_if_print().
        (CVE-2017-13007)
    
      - The IEEE 802.11 parser in tcpdump before 4.9.2 has a
        buffer over-read in print-802_11.c:parse_elements().
        (CVE-2017-13008, CVE-2017-12987)
    
      - The Juniper protocols parser in tcpdump before 4.9.2 has
        a buffer over-read in print-juniper.c, several
        functions. (CVE-2017-12993)
    
      - The ISAKMP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isakmp.c, several functions.
        (CVE-2017-13039)
    
      - The MPTCP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-mptcp.c, several functions.
        (CVE-2017-13040)
    
      - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-icmp6.c:icmp6_nodeinfo_print().
        (CVE-2017-13041)
    
      - The BGP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-bgp.c:decode_multicast_vpn().
        (CVE-2017-13043)
    
      - The BGP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-bgp.c:decode_rt_routing_info().
        (CVE-2017-13053)
    
      - The LLDP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-lldp.c:lldp_private_8023_print().
        (CVE-2017-13054)
    
      - The RPKI-Router parser in tcpdump before 4.9.2 has a
        buffer over-read in print-rpki-
        rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)
    
      - The IKEv2 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isakmp.c, several functions.
        (CVE-2017-13690)
    
      - The IPv6 routing header parser in tcpdump before 4.9.2
        has a buffer over-read in print-rt6.c:rt6_print().
        (CVE-2017-13725, CVE-2017-12986)
    
      - The ISO IS-IS parser in tcpdump before 4.9.2 has a
        buffer over-read in print-
        isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)
    
      - The Cisco HDLC parser in tcpdump before 4.9.2 has a
        buffer over-read in print-chdlc.c:chdlc_print().
        (CVE-2017-13687)
    
      - The RESP parser in tcpdump before 4.9.2 could enter an
        infinite loop due to a bug in print-
        resp.c:resp_get_length(). (CVE-2017-12989)
    
      - The Zephyr parser in tcpdump before 4.9.2 has a buffer
        over-read in print-zephyr.c, several functions.
        (CVE-2017-12902)
    
      - The DNS parser in tcpdump before 4.9.2 could enter an
        infinite loop due to a bug in print-domain.c:ns_print().
        (CVE-2017-12995)
    
      - Several protocol parsers in tcpdump before 4.9.2 could
        cause a buffer over-read in
        addrtoname.c:lookup_bytestring(). (CVE-2017-12894)
    
      - The LLDP parser in tcpdump before 4.9.2 could enter an
        infinite loop due to a bug in print-
        lldp.c:lldp_private_8021_print(). (CVE-2017-12997)
    
      - The ISAKMP parser in tcpdump before 4.9.2 could enter an
        infinite loop due to bugs in print-isakmp.c, several
        functions. (CVE-2017-12990)
    
      - A vulnerability was found in tcpdump's verbose printing
        of packet data. A crafted pcap file or specially crafted
        network traffic could cause tcpdump to write out of
        bounds in the BSS segment, potentially causing tcpdump
        to display truncated or incorrectly decoded fields or
        crash with a segmentation violation. This does not
        affect tcpdump when used with the -w option to save a
        pcap file. (CVE-2017-13011)
    
      - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer
        over-read in smbutil.c:name_len(). (CVE-2017-12893)
    
      - The ICMP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-icmp.c:icmp_print(). (CVE-2017-12895,
        CVE-2017-13012)
    
      - The NFS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-nfs.c:interp_reply().
        (CVE-2017-12898)
    
      - The DECnet parser in tcpdump before 4.9.2 has a buffer
        over-read in print-decnet.c:decnet_print().
        (CVE-2017-12899)
    
      - The EIGRP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-eigrp.c:eigrp_print().
        (CVE-2017-12901)
    
      - The IPv6 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-ip6.c:ip6_print(). (CVE-2017-12985)
    
      - The telnet parser in tcpdump before 4.9.2 has a buffer
        over-read in print-telnet.c:telnet_parse().
        (CVE-2017-12988)
    
      - The BGP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-bgp.c:bgp_attr_print().
        (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)
    
      - The RIPng parser in tcpdump before 4.9.2 has a buffer
        over-read in print-ripng.c:ripng_print().
        (CVE-2017-12992)
    
      - The PIMv2 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-pim.c:pimv2_print(). (CVE-2017-12996)
    
      - The IS-IS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isoclns.c:isis_print().
        (CVE-2017-12999)
    
      - The NFS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-nfs.c:nfs_printfh(). (CVE-2017-13001)
    
      - The AODV parser in tcpdump before 4.9.2 has a buffer
        over-read in print-aodv.c:aodv_extension().
        (CVE-2017-13002)
    
      - The LMP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)
    
      - The NFS parser in tcpdump before 4.9.2 has a buffer
        over-read in print-nfs.c:xid_map_enter().
        (CVE-2017-13005)
    
      - The L2TP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-l2tp.c, several functions.
        (CVE-2017-13006)
    
      - The BEEP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-beep.c:l_strnstart().
        (CVE-2017-13010)
    
      - The ARP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-arp.c, several functions.
        (CVE-2017-13013)
    
      - The EAP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-eap.c:eap_print(). (CVE-2017-13015)
    
      - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-dhcp6.c:dhcp6opt_print().
        (CVE-2017-13017)
    
      - The PGM parser in tcpdump before 4.9.2 has a buffer
        over-read in print-pgm.c:pgm_print(). (CVE-2017-13018,
        CVE-2017-13019, CVE-2017-13034)
    
      - The VTP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-vtp.c:vtp_print(). (CVE-2017-13020,
        CVE-2017-13033)
    
      - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-icmp6.c:icmp6_print().
        (CVE-2017-13021)
    
      - The IP parser in tcpdump before 4.9.2 has a buffer over-
        read in print-ip.c:ip_printroute(). (CVE-2017-13022)
    
      - The BOOTP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-bootp.c:bootp_print().
        (CVE-2017-13028)
    
      - The PIM parser in tcpdump before 4.9.2 has a buffer
        over-read in print-pim.c, several functions.
        (CVE-2017-13030)
    
      - The IP parser in tcpdump before 4.9.2 has a buffer over-
        read in print-ip.c:ip_printts(). (CVE-2017-13037)
    
      - The PPP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-ppp.c:handle_mlppp().
        (CVE-2017-13038)
    
      - The HNCP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-hncp.c:dhcpv6_print().
        (CVE-2017-13042)
    
      - The HNCP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-hncp.c:dhcpv4_print().
        (CVE-2017-13044)
    
      - The VQP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)
    
      - The RSVP parser in tcpdump before 4.9.2 has a buffer
        over-read in print-rsvp.c:rsvp_obj_print().
        (CVE-2017-13048, CVE-2017-13051)
    
      - The Rx protocol parser in tcpdump before 4.9.2 has a
        buffer over-read in print-rx.c:ubik_print().
        (CVE-2017-13049)
    
      - The CFM parser in tcpdump before 4.9.2 has a buffer
        over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)
    
      - The OLSR parser in tcpdump before 4.9.2 has a buffer
        over-read in print-olsr.c:olsr_print(). (CVE-2017-13688)
    
      - The IKEv1 parser in tcpdump before 4.9.2 has a buffer
        over-read in print-isakmp.c:ikev1_id_print().
        (CVE-2017-13689)
    
      - tcpdump 4.9.0 has a heap-based buffer over-read in the
        lldp_print function in print-lldp.c, related to util-
        print.c. (CVE-2017-11541)
    
      - tcpdump 4.9.0 has a heap-based buffer over-read in the
        pimv1_print function in print-pim.c. (CVE-2017-11542)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0071");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL tcpdump packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13725");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "tcpdump-4.9.2-3.el7",
        "tcpdump-debuginfo-4.9.2-3.el7"
      ],
      "CGSL MAIN 5.04": [
        "tcpdump-4.9.2-3.el7",
        "tcpdump-debuginfo-4.9.2-3.el7"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tcpdump");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-205-01.NASL
    descriptionNew tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id101932
    published2017-07-25
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/101932
    titleSlackware 13.37 / 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2017-205-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2017-205-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101932);
      script_version("$Revision: 3.3 $");
      script_cvs_date("$Date: 2018/01/26 17:50:31 $");
    
      script_cve_id("CVE-2017-11108");
      script_xref(name:"SSA", value:"2017-205-01");
    
      script_name(english:"Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2017-205-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New tcpdump packages are available for Slackware 13.37, 14.0, 14.1,
    14.2, and -current to fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.468869
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b8de90a1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tcpdump package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:tcpdump");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"13.37", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;
    
    if (slackware_check(osver:"14.0", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"tcpdump", pkgver:"4.9.1", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2690-1.NASL
    descriptionThis update for tcpdump fixes the following issues: Security issues fixed : - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873) - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247). - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247). - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247). - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103769
    published2017-10-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103769
    titleSUSE SLES11 Security Update : tcpdump (SUSE-SU-2017:2690-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3971.NASL
    descriptionSeveral vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id103148
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103148
    titleDebian DSA-3971-1 : tcpdump - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3415-1.NASL
    descriptionWilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011) Otto Airamo and Antti Levomaki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application hang). CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997) Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomaki, Henri Salo, and Bhargava Shastry discovered out-of-bounds reads in muliptle protocol parsers in tcpdump. A remote attacker could use these to cause a denial of service (application crash). (CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103218
    published2017-09-14
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103218
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.04 : tcpdump vulnerabilities (USN-3415-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2674.NASL
    descriptionAccording to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.(CVE-2017-11108) - tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.(CVE-2017-11543) - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.(CVE-2017-11541) - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.(CVE-2017-11542) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132209
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132209
    titleEulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2674)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201709-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201709-23 (Tcpdump: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Tcpdump. Please review the referenced CVE identifiers for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id103462
    published2017-09-26
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103462
    titleGLSA-201709-23 : Tcpdump: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1090.NASL
    descriptionSeveral vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash). For Debian 7
    last seen2020-03-17
    modified2017-09-07
    plugin id102982
    published2017-09-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102982
    titleDebian DLA-1090-1 : tcpdump security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2435.NASL
    descriptionAccording to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.(CVE-2017-11108) - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.(CVE-2017-11542) - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.(CVE-2017-11541) - tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.(CVE-2017-11543) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131589
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131589
    titleEulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2019-2435)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1205.NASL
    descriptionThis update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed : - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occured in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247). - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247). - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247) - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247). - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12900: Prevent buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247) - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-10-30
    plugin id104239
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/104239
    titleopenSUSE Security Update : tcpdump (openSUSE-2017-1205)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2854-1.NASL
    descriptionThis update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed : - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occured in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247). - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247). - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247) - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247). - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12900: Prevent buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247) - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104208
    published2017-10-27
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104208
    titleSUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2017:2854-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_13_1.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components : - APFS - curl - Dictionary Widget - Kernel - StreamingZip - tcpdump - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id104378
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104378
    titlemacOS 10.13.x < 10.13.1 Multiple Vulnerabilities

Redhat

advisories
rhsa
idRHEA-2018:0705
rpms
  • tcpdump-14:4.9.2-3.el7
  • tcpdump-debuginfo-14:4.9.2-3.el7