|
|
|
Tcpdump Multiple Flaws Let Remote Users View Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
|
SecurityTracker Alert ID: 1039307 |
SecurityTracker URL: http://securitytracker.com/id/1039307
|
CVE Reference:
CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725
(Links to External Site)
|
Date: Sep 11 2017
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 4.9.2
|
Description:
Multiple vulnerabilities were reported in Tcpdump. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system.
A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system.
The SLIP component is affected [CVE-2017-11543].
The bittok2str_internal component is affected [CVE-2017-13011].
A remote user can send specially crafted data to cause the target service to enter an infinite loop.
The RESP component is affected [CVE-2017-12989].
The ISAKMP component is affected [CVE-2017-12990].
The DNS component is affected [CVE-2017-12995].
The LLDP component is affected [CVE-2017-12997].
A remote user can send a specially crafted request to trigger a buffer overread memory error and view potentially sensitive information on the target system.
The safeputs component is affected [CVE-2017-11541].
The PIMv1 component is affected [CVE-2017-11542].
The SMB/CIFS component is affected [CVE-2017-12893].
The lookup_bytestring component is affected [CVE-2017-12894].
The ICMP component is affected [CVE-2017-12895, CVE-2017-13012].
The ISAKMP component is affected [CVE-2017-12896, CVE-2017-13039].
The ISO CLNS component is affected [CVE-2017-12897].
The NFS component is affected [CVE-2017-12898, CVE-2017-13005, CVE-2017-13001].
The DECnet component is affected [CVE-2017-12899].
The tok2strbuf component is affected [CVE-2017-12900].
The EIGRP component is affected [CVE-2017-12901].
The Zephyr component is affected [CVE-2017-12902].
The IPv6 component is affected [CVE-2017-12985].
The IPv6 routing headers component is affected [CVE-2017-12986].
The IPv6 mobility component is affected [CVE-2017-13009, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025].
The IEEE 802.11 component is affected [CVE-2017-12987, CVE-2017-13008].
The telnet component is affected [CVE-2017-12988].
The BGP component is affected [CVE-2017-12991, CVE-2017-12994, CVE-2017-13053, CVE-2017-13046, CVE-2017-13043].
The RIPng component is affected [CVE-2017-12992].
The Juniper component is affected [CVE-2017-12993, CVE-2017-13004].
The PIMv2 component is affected [CVE-2017-12996].
The ISO IS-IS component is affected [CVE-2017-12998, CVE-2017-12999, CVE-2017-13026, CVE-2017-13055, CVE-2017-13035].
The IEEE 802.15.4 component is affected [CVE-2017-13000].
The AODV component is affected [CVE-2017-13002].
The LMP component is affected [CVE-2017-13003].
The L2TP component is affected [CVE-2017-13006].
The Apple PKTAP component is affected [CVE-2017-13007].
The BEEP component is affected [CVE-2017-13010].
The ARP component is affected [CVE-2017-13013].
The White Board component is affected [CVE-2017-13014].
The EAP component is affected [CVE-2017-13015].
The SLIP component is affected [CVE-2017-11543].
The ISO ES-IS component is affected [CVE-2017-13016, CVE-2017-13047].
The DHCPv6 component is affected [CVE-2017-13017].
The PGM component is affected [CVE-2017-13018, CVE-2017-13019, CVE-2017-13034].
The VTP component is affected [CVE-2017-13020, CVE-2017-13033].
The ICMPv6 component is affected [CVE-2017-13021, CVE-2017-13041].
The IP component is affected [CVE-2017-13022].
The LLDP component is affected [CVE-2017-13027, CVE-2017-13054].
The BOOTP component is affected [CVE-2017-13028].
The PPP component is affected [CVE-2017-13029].
The PIM component is affected [CVE-2017-13030].
The IPv6 fragmentation header component is affected [CVE-2017-13031].
The RADIUS component is affected [CVE-2017-13032].
The OSPFv3 component is affected [CVE-2017-13036].
The IP component is affected [CVE-2017-13037].
The PPP component is affected [CVE-2017-13038].
The MPTCP component is affected [CVE-2017-13040].
The HNCP component is affected [CVE-2017-13042, CVE-2017-13044].
The VQP component is affected [CVE-2017-13045].
The RSVP component is affected [CVE-2017-13048, CVE-2017-13051].
The Rx component is affected [CVE-2017-13049].
The RPKI-Router component is affected [CVE-2017-13050].
The CFM component is affected [CVE-2017-13052].
The Cisco HDLC component is affected [CVE-2017-13687].
The OLSR component is affected [CVE-2017-13688].
The IKEv1 component is affected [CVE-2017-13689].
The IKEv2 component is affected [CVE-2017-13690].
The IPv6 routing headers component is affected [CVE-2017-13725].
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
A remote user can obtain potentially sensitive information on the target system.
|
Solution:
The vendor has issued a fix (4.9.2).
The vendor advisory is available at:
http://www.tcpdump.org/tcpdump-changes.txt
|
Vendor URL: tcpdump.org/ (Links to External Site)
|
Cause:
Access control error, Boundary error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
Sep 14 2017 |
(Ubuntu Issues Fix) Tcpdump Multiple Flaws Let Remote Users View Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 17.04.
|
Sep 14 2017 |
(Ubuntu Issues Fix) Tcpdump Multiple Flaws Let Remote Users View Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.
|
Nov 9 2017 |
(IBM Issues Fix for IBM AIX) Tcpdump Multiple Flaws Let Remote Users View Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
IBM has issued a fix for IBM AIX 5.3.12 , 6.1.9, 7.1.3, 7.1.4, 7.2.0, and 7.2.1.
|
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|