CVE-2018-19519 - Missing Initialization of Resource vulnerability in Tcpdump 4.9.2
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1559.NASL
description: This update for tcpdump fixes the following issues : Security issues fixed : - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-05
modified: 2018-12-17
plugin id: 119715
published: 2018-12-17
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119715
title: openSUSE Security Update : tcpdump (openSUSE-2018-1559)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1559.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(119715);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-19519");

  script_name(english:"openSUSE Security Update : tcpdump (openSUSE-2018-1559)");
  script_summary(english:"Check for the openSUSE-2018-1559 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update for tcpdump fixes the following issues : Security issues fixed : - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117267"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected tcpdump packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"tcpdump-4.9.2-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tcpdump-debuginfo-4.9.2-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"tcpdump-debugsource-4.9.2-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tcpdump / tcpdump-debuginfo / tcpdump-debugsource");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4131-1.NASL
description: This update for tcpdump fixes the following issues : Security issues fixed : CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-18
modified: 2019-01-02
plugin id: 120187
published: 2019-01-02
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/120187
title: SUSE SLED15 / SLES15 Security Update : tcpdump (SUSE-SU-2018:4131-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-4252-1.NASL
description: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133291
published: 2020-01-28
reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133291
title: Ubuntu 16.04 LTS / 18.04 LTS : tcpdump vulnerabilities (USN-4252-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4149-1.NASL
description: This update for tcpdump fixes the following issues : Security issues fixed : CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-28
modified: 2018-12-18
plugin id: 119742
published: 2018-12-18
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119742
title: SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2018:4149-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2019-3976.NASL
description: An update for tcpdump is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fix(es) : * tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131570
published: 2019-12-04
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131570
title: CentOS 7 : tcpdump (CESA-2019:3976)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-3976.NASL
description: An update for tcpdump is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fix(es) : * tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131377
published: 2019-11-27
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131377
title: RHEL 7 : tcpdump (RHSA-2019:3976)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1016.NASL
description: This update for tcpdump fixes the following issues : Security issues fixed : - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123155
published: 2019-03-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123155
title: openSUSE Security Update : tcpdump (openSUSE-2019-1016)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1072.NASL
description: According to the versions of the tcpdump package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234:
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132826
published: 2020-01-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132826
title: EulerOS Virtualization for ARM 64 3.0.5.0 : tcpdump (EulerOS-SA-2020-1072)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2233.NASL
description: According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The victim must open a specially crafted pcap file. (CVE-2019-1010220) - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519) - tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130695
published: 2019-11-08
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130695
title: EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2233)

NASL family: AIX Local Security Checks
NASL id: AIX_IJ12983.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122429
published: 2019-02-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122429
title: AIX 7.2 TL 3 : tcpdump (IJ12983)

NASL family: Amazon Linux Local Security Checks
NASL id: AL2_ALAS-2020-1385.NASL
description: In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. (CVE-2018-19519)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133095
published: 2020-01-21
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133095
title: Amazon Linux 2 : tcpdump (ALAS-2020-1385)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-85D92DF70F.NASL
description: New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130308
published: 2019-10-28
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130308
title: Fedora 29 : 14:tcpdump (2019-85d92df70f)

NASL family: AIX Local Security Checks
NASL id: AIX_IJ12979.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122425
published: 2019-02-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122425
title: AIX 7.1 TL 4 : tcpdump (IJ12979)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20191202_TCPDUMP_ON_SL7_X.NASL
description: Security Fix(es) : - tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)
last seen: 2020-03-18
modified: 2019-12-04
plugin id: 131680
published: 2019-12-04
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131680
title: Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20191202)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-1589.NASL
description: This update for tcpdump fixes the following security issue : - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) This update was imported from the SUSE:SLE-12:Update update project.
last seen: 2020-06-05
modified: 2018-12-24
plugin id: 119857
published: 2018-12-24
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119857
title: openSUSE Security Update : tcpdump (openSUSE-2018-1589)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2019-1_0-0218_TCPDUMP.NASL
description: An update of the tcpdump package has been released.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125162
published: 2019-05-15
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125162
title: Photon OS 1.0: Tcpdump PHSA-2019-1.0-0218

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0266_TCPDUMP.NASL
description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected by a vulnerability: - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. (CVE-2018-19519) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132500
published: 2019-12-31
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132500
title: NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Vulnerability (NS-SA-2019-0266)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2257.NASL
description: According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519) - tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-08
modified: 2019-11-08
plugin id: 130719
published: 2019-11-08
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130719
title: EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2257)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-D06BC63433.NASL
description: New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130321
published: 2019-10-28
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130321
title: Fedora 30 : 14:tcpdump (2019-d06bc63433)

NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2020-0008_TCPDUMP.NASL
description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tcpdump packages installed that are affected by a vulnerability: - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. (CVE-2018-19519) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133077
published: 2020-01-20
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133077
title: NewStart CGSL CORE 5.05 / MAIN 5.05 : tcpdump Vulnerability (NS-SA-2020-0008)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2019-3976.NASL
description: From Red Hat Security Advisory 2019:3976 : An update for tcpdump is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fix(es) : * tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131518
published: 2019-12-03
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131518
title: Oracle Linux 7 : tcpdump (ELSA-2019-3976)

NASL family: AIX Local Security Checks
NASL id: AIX_IJ12982.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122428
published: 2019-02-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122428
title: AIX 7.2 TL 2 : tcpdump (IJ12982)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2305.NASL
description: According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fix(es): tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808) The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468) The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469) The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470) The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466) The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461) The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462) The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465) The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881) The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-14464) The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463) The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467) tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103) tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105) The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880) The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.(CVE-2018-16451) The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882) The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227) The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229) libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301) The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230) The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452) The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300) The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228) lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166) tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234:
last seen: 2020-05-03
modified: 2019-11-27
plugin id: 131371
published: 2019-11-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131371
title: EulerOS 2.0 SP8 : tcpdump (EulerOS-SA-2019-2305)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-6DB0D5B9D9.NASL
description: New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130370
published: 2019-10-30
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130370
title: Fedora 31 : 14:tcpdump (2019-6db0d5b9d9)

NASL family: AIX Local Security Checks
NASL id: AIX_IJ12980.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122426
published: 2019-02-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122426
title: AIX 7.1 TL 5 : tcpdump (IJ12980)

NASL family: AIX Local Security Checks
NASL id: AIX_IJ12981.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122427
published: 2019-02-26
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122427
title: AIX 7.2 TL 1 : tcpdump (IJ12981)

References
- https://github.com/zyingp/temp/blob/master/tcpdump.md
- http://www.securityfocus.com/bid/106098
- https://access.redhat.com/errata/RHSA-2019:3976
- https://usn.ubuntu.com/4252-2/
- https://usn.ubuntu.com/4252-1/
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/