Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201706-29
HistoryJun 23, 2017 - 12:00 a.m.

[ASA-201706-29] tcpreplay: arbitrary code execution

2017-06-2300:00:00
security.archlinux.org
10

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Arch Linux Security Advisory ASA-201706-29

Severity: High
Date : 2017-06-23
CVE-ID : CVE-2017-6429
Package : tcpreplay
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-211

Summary

The package tcpreplay before version 4.2.5-1 is vulnerable to arbitrary
code execution.

Resolution

Upgrade to 4.2.5-1.

pacman -Syu “tcpreplay>=4.2.5-1”

The problem has been fixed upstream in version 4.2.5.

Workaround

None.

Description

Buffer overflow in the tcpcapinfo utility in tcpreplay before 4.2.0
Beta 1 allows attackers to have unspecified impact via a pcap file with
an over-size packet.

Impact

An attacker can provide a crafted pcap file with an over-size packet to
execute arbitrary code with the privileges of the tcpcapinfo process.

References

https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
https://github.com/appneta/tcpreplay/issues/278
http://www.securityfocus.com/bid/96579
https://security.archlinux.org/CVE-2017-6429

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanytcpreplay< 4.2.5-1UNKNOWN

Related

ubuntucve 1
openvas 4
fedora 5
prion 1
nessus 6
debiancve 1
zdt 1
osv 1
cve 1
ubuntucve
ubuntucve
CVE-2017-6429
2017-03-15 00:00:00
openvas
openvas
Fedora Update for tcpreplay FEDORA-2017-936a79ee30
2017-03-18 00:00:00
Fedora Update for tcpreplay FEDORA-2017-dc1828d4f9
2017-03-16 00:00:00
Fedora Update for tcpreplay FEDORA-2017-5e945de883
2017-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: tcpreplay-4.1.2-3.fc25
2017-03-15 18:25:28
[SECURITY] Fedora 24 Update: tcpreplay-4.1.2-3.fc24
2017-03-16 21:19:18
[SECURITY] Fedora 24 Update: tcpreplay-4.2.1-1.fc24
2017-04-01 21:18:04
prion
prion
Buffer overflow
2017-03-15 15:59:00
nessus
nessus
openSUSE Security Update : tcpreplay (openSUSE-2017-390)
2017-03-28 00:00:00
Fedora 24 : tcpreplay (2017-936a79ee30)
2017-03-17 00:00:00
Fedora 26 : tcpreplay (2017-8306577cc7)
2017-07-17 00:00:00
debiancve
debiancve
CVE-2017-6429
2017-03-15 15:59:00
zdt
zdt
Tcpreplay 4.1.2 tcpcapinfo Buffer Overflow Vulnerability
2017-03-06 00:00:00
osv
osv
CVE-2017-6429
2017-03-15 15:59:01
cve
cve
CVE-2017-6429
2017-03-15 15:59:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON
Related for ASA-201706-29
ubuntucve1openvas4fedora5prion1nessus6debiancve1zdt1osv1cve1