CVE-2018-10932 - Unspecified vulnerability in Intel Lldptool

CVSS 4.3 - MEDIUM
Attack vector: ADJACENT_NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Summary

lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and affect the behavior of the terminal.

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3673.NASL
    description: An update for lldpad is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The lldpad packages provide the Linux user space daemon and configuration tool for Intel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130563
    published: 2019-11-06
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130563
    title: RHEL 8 : lldpad (RHSA-2019:3673)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-CEC7093BAA.NASL
    description:
      - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
      - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120803
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120803
    title: Fedora 28 : lldpad (2018-cec7093baa)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-E9D1EC6DBC.NASL
    description:
      - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
      - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2018-11-16
    plugin id: 119008
    published: 2018-11-16
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119008
    title: Fedora 27 : lldpad (2018-e9d1ec6dbc)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-06D56C8C9D.NASL
    description:
      - Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV (CVE-2018-10932).
      - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120215
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120215
    title: Fedora 29 : lldpad (2018-06d56c8c9d)

Redhat

advisories
bugzilla
id: 1727326
title: lldpad memory usage increases over time
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 8 is installed
      oval: oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment: lldpad-debugsource is earlier than 0:1.0.1-13.git036e314.el8
          oval: oval:com.redhat.rhsa:tst:20193673001
        • comment: lldpad-debugsource is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20193673002
      • AND
        • comment: lldpad is earlier than 0:1.0.1-13.git036e314.el8
          oval: oval:com.redhat.rhsa:tst:20193673003
        • comment: lldpad is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20193673004
rhsa
id: RHSA-2019:3673
released: 2019-11-05
severity: Low
title: RHSA-2019:3673: lldpad security and bug fix update (Low)
rpms
  • lldpad-0:1.0.1-13.git036e314.el8
  • lldpad-debuginfo-0:1.0.1-13.git036e314.el8
  • lldpad-debugsource-0:1.0.1-13.git036e314.el8