CVE-2018-10932 - Unspecified vulnerability in Intel Lldptool
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Summary
lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and affect the behavior of the terminal.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Nessus

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2019-3673.NASL
  description: An update for lldpad is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The lldpad packages provide the Linux user space daemon and configuration tool for Intel
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 130563
  published: 2019-11-06
  reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/130563
  title: RHEL 8 : lldpad (RHSA-2019:3673)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2018-CEC7093BAA.NASL
  description:
    - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
    - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2019-01-03
  plugin id: 120803
  published: 2019-01-03
  reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/120803
  title: Fedora 28 : lldpad (2018-cec7093baa)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2018-E9D1EC6DBC.NASL
  description:
    - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
    - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2018-11-16
  plugin id: 119008
  published: 2018-11-16
  reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/119008
  title: Fedora 27 : lldpad (2018-e9d1ec6dbc)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2018-06D56C8C9D.NASL
  description:
    - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
    - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
    Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2019-01-03
  plugin id: 120215
  published: 2019-01-03
  reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/120215
  title: Fedora 29 : lldpad (2018-06d56c8c9d)
References
- https://access.redhat.com/errata/RHSA-2019:3673
- https://bugzilla.redhat.com/show_bug.cgi?id=1551623
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10932
- https://github.com/intel/openlldp/pull/7