[ASA-201702-1] tcpdump: arbitrary code execution

2017-02-02 00:00:00
security.archlinux.org

CVSS3: 9.8 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.378 Low

  Percentile: 97.1%

Arch Linux Security Advisory ASA-201702-1

Severity: Critical
Date : 2017-02-02
CVE-ID : CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925
CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929
CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933
CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937
CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973
CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984
CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993
CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203
CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342
CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485
CVE-2017-5486
Package : tcpdump
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-161

Summary

The package tcpdump before version 4.9.0-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 4.9.0-1.

pacman -Syu "tcpdump>=4.9.0-1"

The problems have been fixed upstream in version 4.9.0.
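
The version check implied by the resolution above, as an added example that is not part of the original advisory: it compares a package version against the fixed release 4.9.0-1, using vercmp when pacman is present and a sort -V fallback otherwise. The function names and the --check argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): is the local tcpdump at or above the
# fixed release? FIXED is taken from ASA-201702-1; function names and the
# --check argument are illustrative.
FIXED="4.9.0-1"

# version_ge A B: succeed when A >= B for pacman-style [epoch:]pkgver-pkgrel.
version_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        if [ "$(vercmp "$1" "$2")" -ge 0 ]; then return 0; else return 1; fi
    fi
    # Fallback without pacman: epoch decides first, then GNU sort -V orders
    # the rest (an approximation of vercmp, adequate for these versions).
    ea=0; eb=0
    case $1 in *:*) ea=${1%%:*} ;; esac
    case $2 in *:*) eb=${2%%:*} ;; esac
    if [ "$ea" -gt "$eb" ]; then return 0; fi
    if [ "$ea" -lt "$eb" ]; then return 1; fi
    a=${1#*:}; b=${2#*:}
    if [ "$a" = "$b" ]; then return 0; fi
    lowest=$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)
    [ "$lowest" = "$b" ]
}

# classify VERSION: print "patched" or "vulnerable"; return 0 or 1.
classify() {
    if version_ge "$1" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# check_installed: classify the tcpdump package pacman reports as installed.
check_installed() {
    ver=$(pacman -Q tcpdump 2>/dev/null | awk '{print $2}') || ver=""
    if [ -z "$ver" ]; then
        echo "tcpdump not installed (or pacman unavailable)"
        return 0
    fi
    printf 'tcpdump %s: ' "$ver"
    classify "$ver"
}

if [ "${1:-}" = "--check" ]; then check_installed; fi
```

Run the script with --check on an Arch host; a non-zero exit status means the installed package predates the fix.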

Workaround

None.

Description

  • CVE-2016-7922 (arbitrary code execution)

The AH parser in tcpdump before 4.9.0 has a buffer overflow in
print-ah.c:ah_print().

  • CVE-2016-7923 (arbitrary code execution)

The ARP parser in tcpdump before 4.9.0 has a buffer overflow in
print-arp.c:arp_print().

  • CVE-2016-7924 (arbitrary code execution)

The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
print-atm.c:oam_print().

  • CVE-2016-7925 (arbitrary code execution)

The compressed SLIP parser in tcpdump before 4.9.0 has a buffer
overflow in print-sl.c:sl_if_print().

  • CVE-2016-7926 (arbitrary code execution)

The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in
print-ether.c:ethertype_print().

  • CVE-2016-7927 (arbitrary code execution)

The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in
print-802_11.c:ieee802_11_radio_print().

  • CVE-2016-7928 (arbitrary code execution)

The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in
print-ipcomp.c:ipcomp_print().

  • CVE-2016-7929 (arbitrary code execution)

The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer
overflow in print-juniper.c:juniper_parse_header().

  • CVE-2016-7930 (arbitrary code execution)

The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in
print-llc.c:llc_print().

  • CVE-2016-7931 (arbitrary code execution)

The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in
print-mpls.c:mpls_print().

  • CVE-2016-7932 (arbitrary code execution)

The PIM parser in tcpdump before 4.9.0 has a buffer overflow in
print-pim.c:pimv2_check_checksum().

  • CVE-2016-7933 (arbitrary code execution)

The PPP parser in tcpdump before 4.9.0 has a buffer overflow in
print-ppp.c:ppp_hdlc_if_print().

  • CVE-2016-7934 (arbitrary code execution)

The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:rtcp_print().

  • CVE-2016-7935 (arbitrary code execution)

The RTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:rtp_print().

  • CVE-2016-7936 (arbitrary code execution)

The UDP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:udp_print().

  • CVE-2016-7937 (arbitrary code execution)

The VAT parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:vat_print().

  • CVE-2016-7938 (arbitrary code execution)

The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in
print-zeromq.c:zmtp1_print_frame().

  • CVE-2016-7939 (arbitrary code execution)

The GRE parser in tcpdump before 4.9.0 has a buffer overflow in
print-gre.c, multiple functions.

  • CVE-2016-7940 (arbitrary code execution)

The STP parser in tcpdump before 4.9.0 has a buffer overflow in
print-stp.c, multiple functions.

  • CVE-2016-7973 (arbitrary code execution)

The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in
print-atalk.c, multiple functions.

  • CVE-2016-7974 (arbitrary code execution)

The IP parser in tcpdump before 4.9.0 has a buffer overflow in
print-ip.c, multiple functions.

  • CVE-2016-7975 (arbitrary code execution)

The TCP parser in tcpdump before 4.9.0 has a buffer overflow in
print-tcp.c:tcp_print().

  • CVE-2016-7983 (arbitrary code execution)

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-bootp.c:bootp_print().

  • CVE-2016-7984 (arbitrary code execution)

The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-tftp.c:tftp_print().

  • CVE-2016-7985 (arbitrary code execution)

The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in
print-calm-fast.c:calm_fast_print().

  • CVE-2016-7986 (arbitrary code execution)

The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow
in print-geonet.c, multiple functions.

  • CVE-2016-7992 (arbitrary code execution)

The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer
overflow in print-cip.c:cip_if_print().

  • CVE-2016-7993 (arbitrary code execution)

A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause
a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).

  • CVE-2016-8574 (arbitrary code execution)

The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:frf15_print().

  • CVE-2016-8575 (arbitrary code execution)

The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.

  • CVE-2017-5202 (arbitrary code execution)

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
print-isoclns.c:clnp_print().

  • CVE-2017-5203 (arbitrary code execution)

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-bootp.c:bootp_print().

  • CVE-2017-5204 (arbitrary code execution)

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in
print-ip6.c:ip6_print().

  • CVE-2017-5205 (arbitrary code execution)

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in
print-isakmp.c:ikev2_e_print().

  • CVE-2017-5341 (arbitrary code execution)

The OTV parser in tcpdump before 4.9.0 has a buffer overflow in
print-otv.c:otv_print().

  • CVE-2017-5342 (arbitrary code execution)

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve,
GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().

  • CVE-2017-5482 (arbitrary code execution)

The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.

  • CVE-2017-5483 (arbitrary code execution)

The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in
print-snmp.c:asn1_parse().

  • CVE-2017-5484 (arbitrary code execution)

The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
print-atm.c:sig_print().

  • CVE-2017-5485 (arbitrary code execution)

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
addrtoname.c:lookup_nsap().

  • CVE-2017-5486 (arbitrary code execution)

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
print-isoclns.c:clnp_print().

Impact

A remote attacker can execute arbitrary code on the affected host by
crafting network packets.

References

https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
https://security.archlinux.org/CVE-2016-7922
https://security.archlinux.org/CVE-2016-7923
https://security.archlinux.org/CVE-2016-7924
https://security.archlinux.org/CVE-2016-7925
https://security.archlinux.org/CVE-2016-7926
https://security.archlinux.org/CVE-2016-7927
https://security.archlinux.org/CVE-2016-7928
https://security.archlinux.org/CVE-2016-7929
https://security.archlinux.org/CVE-2016-7930
https://security.archlinux.org/CVE-2016-7931
https://security.archlinux.org/CVE-2016-7932
https://security.archlinux.org/CVE-2016-7933
https://security.archlinux.org/CVE-2016-7934
https://security.archlinux.org/CVE-2016-7935
https://security.archlinux.org/CVE-2016-7936
https://security.archlinux.org/CVE-2016-7937
https://security.archlinux.org/CVE-2016-7938
https://security.archlinux.org/CVE-2016-7939
https://security.archlinux.org/CVE-2016-7940
https://security.archlinux.org/CVE-2016-7973
https://security.archlinux.org/CVE-2016-7974
https://security.archlinux.org/CVE-2016-7975
https://security.archlinux.org/CVE-2016-7983
https://security.archlinux.org/CVE-2016-7984
https://security.archlinux.org/CVE-2016-7985
https://security.archlinux.org/CVE-2016-7986
https://security.archlinux.org/CVE-2016-7992
https://security.archlinux.org/CVE-2016-7993
https://security.archlinux.org/CVE-2016-8574
https://security.archlinux.org/CVE-2016-8575
https://security.archlinux.org/CVE-2017-5202
https://security.archlinux.org/CVE-2017-5203
https://security.archlinux.org/CVE-2017-5204
https://security.archlinux.org/CVE-2017-5205
https://security.archlinux.org/CVE-2017-5341
https://security.archlinux.org/CVE-2017-5342
https://security.archlinux.org/CVE-2017-5482
https://security.archlinux.org/CVE-2017-5483
https://security.archlinux.org/CVE-2017-5484
https://security.archlinux.org/CVE-2017-5485
https://security.archlinux.org/CVE-2017-5486

OS         Version  Architecture  Package  Version    Filename
ArchLinux  any      any           tcpdump  < 4.9.0-1  UNKNOWN
