CVE-2018-16227

2019-10-03T16:15:12

Description

The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.

Affected Software

CPE Name	Name	Version
tcpdump:tcpdump	tcpdump	4.9.3

{"id": "CVE-2018-16227", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2018-16227", "description": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", "published": "2019-10-03T16:15:12", "modified": "2023-11-07T02:53:43", "epss": [{"cve": "CVE-2018-16227", "epss": 0.00327, "percentile": 0.67612, "modified": "2023-11-27"}], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16227", "reporter": "cve@mitre.org", "references": ["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", "http://seclists.org/fulldisclosure/2019/Dec/26", "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", "https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09", "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", "https://seclists.org/bugtraq/2019/Dec/23", "https://seclists.org/bugtraq/2019/Oct/28", "https://security.netapp.com/advisory/ntap-20200120-0001/", "https://support.apple.com/kb/HT210788", "https://usn.ubuntu.com/4252-1/", "https://usn.ubuntu.com/4252-2/", "https://www.debian.org/security/2019/dsa-4547"], "cvelist": ["CVE-2018-16227"], "immutableFields": [], "lastseen": "2023-11-28T15:13:09", "viewCount": 201, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["TCPDUMP_ADVISORY5.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4760"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-16227"]}, {"type": "apple", "idList": ["APPLE:FE34E67588C6E371B47F8C80ED459F90", "APPLE:HT210788"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:40DA9EC9652A3858F9F7AF08C709173D"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1955-1:22EE5", "DEBIAN:DLA-1955-1:52801", "DEBIAN:DSA-4547-1:D6E02"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16227"]}, {"type": "f5", "idList": ["F5:K44551633"]}, {"type": "fedora", "idList": ["FEDORA:24BBA6076F61", "FEDORA:2D179607011A", "FEDORA:30E0D6049C87"]}, {"type": "hackerone", "idList": ["H1:724243"]}, {"type": "ibm", "idList": ["19BD9444E195601BE99DC098E9C970C68F2E7A0306271E91599BA5B3726DD8AA"]}, {"type": "mageia", "idList": ["MGASA-2019-0297"]}, {"type": "nessus", "idList": ["AIX_IJ20783.NASL", "AIX_IJ20784.NASL", "AIX_IJ20785.NASL", "AIX_IJ20786.NASL", "DEBIAN_DLA-1955.NASL", "DEBIAN_DSA-4547.NASL", "EULEROS_SA-2019-2305.NASL", "EULEROS_SA-2019-2551.NASL", "EULEROS_SA-2020-1072.NASL", "EULEROS_SA-2020-1437.NASL", "F5_BIGIP_SOL44551633.NASL", "FEDORA_2019-6DB0D5B9D9.NASL", "FEDORA_2019-85D92DF70F.NASL", "FEDORA_2019-D06BC63433.NASL", "MACOS_HT210788.NASL", "NEWSTART_CGSL_NS-SA-2021-0082_TCPDUMP.NASL", "OPENSUSE-2019-2344.NASL", "OPENSUSE-2019-2348.NASL", "ORACLELINUX_ELSA-2020-4760.NASL", "PHOTONOS_PHSA-2019-2_0-0182_TCPDUMP.NASL", "PHOTONOS_PHSA-2019-3_0-0034_TCPDUMP.NASL", "REDHAT-RHSA-2020-4760.NASL", "ROCKY_LINUX_RLSA-2020-4760.NASL", "SLACKWARE_SSA_2019-274-01.NASL", "SUSE_SU-2019-2674-1.NASL", "SUSE_SU-2020-3360-1.NASL", "UBUNTU_USN-4252-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113543", "OPENVAS:1361412562310704547", "OPENVAS:1361412562310815874", "OPENVAS:1361412562310844311", "OPENVAS:1361412562310852744", "OPENVAS:1361412562310852829", "OPENVAS:1361412562310876932", "OPENVAS:1361412562310876949", "OPENVAS:1361412562310877172", "OPENVAS:1361412562310891955", "OPENVAS:1361412562311220192305", "OPENVAS:1361412562311220192551", "OPENVAS:1361412562311220201072", "OPENVAS:1361412562311220201437"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4760"]}, {"type": "osv", "idList": ["OSV:DLA-1955-1"]}, {"type": "photon", "idList": ["PHSA-2019-0034", "PHSA-2019-0182", "PHSA-2019-0255", "PHSA-2019-1.0-0255", "PHSA-2019-2.0-0182", "PHSA-2019-3.0-0034"]}, {"type": "prion", "idList": ["PRION:CVE-2018-16227"]}, {"type": "redhat", "idList": ["RHSA-2020:4760", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2021:0799"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16227"]}, {"type": "rocky", "idList": ["RLSA-2020:4760"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1985"]}, {"type": "slackware", "idList": ["SSA-2019-274-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2344-1", "OPENSUSE-SU-2019:2348-1"]}, {"type": "ubuntu", "idList": ["USN-4252-1", "USN-4252-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16227"]}, {"type": "veracode", "idList": ["VERACODE:26194"]}]}, "score": {"value": 8.5, "uncertanity": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["TCPDUMP_ADVISORY5.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4760"]}, {"type": "apple", "idList": ["APPLE:FE34E67588C6E371B47F8C80ED459F90"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:40DA9EC9652A3858F9F7AF08C709173D"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1955-1:22EE5", "DEBIAN:DSA-4547-1:D6E02"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-16227"]}, {"type": "f5", "idList": ["F5:K44551633"]}, {"type": "fedora", "idList": ["FEDORA:24BBA6076F61", "FEDORA:2D179607011A", "FEDORA:30E0D6049C87"]}, {"type": "hackerone", "idList": ["H1:724243"]}, {"type": "ibm", "idList": ["19BD9444E195601BE99DC098E9C970C68F2E7A0306271E91599BA5B3726DD8AA"]}, {"type": "nessus", "idList": ["AIX_IJ20783.NASL", "AIX_IJ20784.NASL", "AIX_IJ20785.NASL", "AIX_IJ20786.NASL", "DEBIAN_DLA-1955.NASL", "DEBIAN_DSA-4547.NASL", "EULEROS_SA-2020-1072.NASL", "ORACLELINUX_ELSA-2020-4760.NASL", "PHOTONOS_PHSA-2019-2_0-0182_TCPDUMP.NASL", "PHOTONOS_PHSA-2019-3_0-0034_TCPDUMP.NASL", "SLACKWARE_SSA_2019-274-01.NASL", "UBUNTU_USN-4252-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113543", "OPENVAS:1361412562310704547", "OPENVAS:1361412562310844311", "OPENVAS:1361412562310852744", "OPENVAS:1361412562310852829", "OPENVAS:1361412562310877172", "OPENVAS:1361412562310891955", "OPENVAS:1361412562311220192305", "OPENVAS:1361412562311220192551", "OPENVAS:1361412562311220201072"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4760"]}, {"type": "photon", "idList": ["PHSA-2019-2.0-0182", "PHSA-2019-3.0-0034"]}, {"type": "redhat", "idList": ["RHSA-2020:4760"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16227"]}, {"type": "slackware", "idList": ["SSA-2019-274-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2344-1", "OPENSUSE-SU-2019:2348-1"]}, {"type": "ubuntu", "idList": ["USN-4252-1", "USN-4252-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16227"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "tcpdump", "version": 4}, {"name": "apple mac os x", "version": 10}, {"name": "debian debian linux", "version": 8}, {"name": "debian debian linux", "version": 9}, {"name": "debian debian linux", "version": 10}, {"name": "fedoraproject fedora", "version": 29}, {"name": "fedoraproject fedora", "version": 30}, {"name": "fedoraproject fedora", "version": 31}, {"name": "opensuse leap", "version": 15}, {"name": "opensuse leap", "version": 15}, {"name": "redhat enterprise linux", "version": 7}, {"name": "redhat enterprise linux", "version": 8}]}, "epss": [{"cve": "CVE-2018-16227", "epss": 0.00327, "percentile": 0.66428, "modified": "2023-05-06"}], "vulnersScore": 8.5}, "_state": {"dependencies": 1701186201, "score": 1701184817, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "9f300c9a85fb1451845bd5088760a10d"}, "cna_cvss": {"cna": "mitre", "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-125"], "affectedSoftware": [{"cpeName": "tcpdump:tcpdump", "version": "4.9.3", "operator": "lt", "name": "tcpdump"}], "affectedConfiguration": [], "cpeConfiguration": {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:tcpdump:tcpdump:4.9.3:*:*:*:*:*:*:*", "versionEndExcluding": "4.9.3", "matchCriteriaId": "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF"}]}]}, "extraReferences": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/26", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", "source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"]}, {"url": "https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09", "source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Dec/23", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://seclists.org/bugtraq/2019/Oct/28", "source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20200120-0001/", "source": "cve@mitre.org"}, {"url": "https://support.apple.com/kb/HT210788", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}, {"url": "https://usn.ubuntu.com/4252-1/", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4252-2/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2019/dsa-4547", "source": "cve@mitre.org", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Tcpdump", "product": "Tcpdump"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "2018-08-30T00:00:00"}

{"veracode": [{"lastseen": "2022-07-26T16:41:26", "description": "tcpdump is vulnerable to denial of service (DoS). The vulnerability exists as the IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-06T21:35:29", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2022-04-19T18:46:08", "id": "VERACODE:26194", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26194/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-11-28T14:27:01", "description": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-802_11.c for the Mesh Flags subfield.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-09-30T00:00:00", "type": "ubuntucve", "title": "CVE-2018-16227", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2019-09-30T00:00:00", "id": "UB:CVE-2018-16227", "href": "https://ubuntu.com/security/CVE-2018-16227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-11-27T23:24:28", "description": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-03T16:15:12", "type": "alpinelinux", "title": "CVE-2018-16227", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2023-11-07T02:53:43", "id": "ALPINE:CVE-2018-16227", "href": "https://security.alpinelinux.org/vuln/CVE-2018-16227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hackerone": [{"lastseen": "2023-10-17T07:36:12", "bounty": 0.0, "description": "Versions of tcpdump before 4.9.3 are vulnerable to a buffer over-read in print-802_11.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.3 and disclosed as (CVE-2018-16227).\n\nI was credited with finding and disclosing this vulnerability: https://www.tcpdump.org/public-cve-list.txt\n```\nCVE-2018-16227,tcpdump,ieee802.11_meshhdr-oobr.pcap,\"Ryan Ackroyd\",2018/05/26,Y,4846b3c5d0a850e860baf4f07340495d29837d09,4.9.3,,\n```\nThis vulnerability was found and tested on tcpdump 4.9.2 after compiling tcpdump with Address Sanitizer (ASAN) support and fuzzing tcpdump with mutated packets, I have attached a working test-case as a Proof of Concept to this report named \"fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2\". \n\nThis vulnerability can be triggered using the following command: \n\n```\ntcpdump -e -vvvv -H -u -nn -r fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2\n```\n\nThe above command produces the following output, ASAN marks this as a \"heap-buffer-overflow \":\n\n```\nreading from file fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2, link-type IEEE802_11_RADIO (802.11 plus radiotap header)\n12:05:07.276297 15738588889088us tsft 4096 MHz 11n 19dBm signal antenna 20 52.0 Mb/s MCS 25 20 MHz long GI LDPC FEC More Data 44us BSSID:20:7c:8f:50:3f:3a DA:68:a3:c4:03:46:da SA:20:7c:8f:50:3f:3a ReAssoc Request[|802.11]\n=================================================================\n==5793==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4a01801 at pc 0x08090ae9 bp 0xffc10aa8 sp 0xffc10a98\nREAD of size 1 at 0xf4a01801 thread T0\n #0 0x8090ae8 in ctrl_body_print print-802_11.c:1676\n #1 0x8090ae8 in ieee802_11_print print-802_11.c:2092\n #2 0x809297b in ieee802_11_radio_print print-802_11.c:3257\n #3 0x809297b in ieee802_11_radio_if_print print-802_11.c:3352\n #4 0x80844b4 in pretty_print_packet print.c:332\n #5 0x8065ce8 in print_packet tcpdump.c:2497\n #6 0x83fcb6a in pcap_offline_read savefile.c:527\n #7 0x8346bfe in pcap_loop pcap.c:890\n #8 0x805afb8 in main tcpdump.c:2000\n #9 0xf700a636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #10 0x806226a (/home/user/targets/builds33/tcpdump-4.9.2/tcpdump+0x806226a)\n\n0xf4a01801 is located 1 bytes to the right of 64-byte region [0xf4a017c0,0xf4a01800)\nallocated by thread T0 here:\n #0 0xf723edee in malloc (/usr/lib32/libasan.so.2+0x96dee)\n #1 0x8400752 in pcap_check_header sf-pcap.c:401\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow print-802_11.c:1676 ctrl_body_print\nShadow bytes around the buggy address:\n 0x3e9402b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402e0: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fd\n 0x3e9402f0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00\n=>0x3e940300:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Heap right redzone: fb\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n==5793==ABORTING\n```\n\nMore information about this vulnerability can be found in the following locations: \n\nNVD: https://nvd.nist.gov/vuln/detail/CVE-2018-16227\nCVE details: https://www.cvedetails.com/cve/CVE-2018-16227/\n\n## Impact\n\nThis vulnerability can lead to significant information disclosure and allow an attacker to modify system files remotely, across a network with no interaction from the victim.\n\nCVSS v3.1 Severity and Metrics:\n\nBase Score: 9.8 CRITICAL\nVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3.1 legend)\nImpact Score: 5.9\nExploitability Score: 3.9\n\nAttack Vector (AV): Network\nAttack Complexity (AC): Low\nPrivileges Required (PR): None\nUser Interaction (UI): None\nScope (S): Unchanged\nConfidentiality (C): High\nIntegrity (I): High\nAvailability (A): High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-28T23:03:20", "type": "hackerone", "title": "Internet Bug Bounty: Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2020-02-13T21:27:26", "id": "H1:724243", "href": "https://hackerone.com/reports/724243", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T02:36:35", "description": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-03T16:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2020-01-20T13:15:00", "id": "PRION:CVE-2018-16227", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2018-16227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-11-25T23:45:16", "description": "An out-of-bounds read vulnerability was discovered in tcpdump while printing IEEE 802.11 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application.\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-10T18:18:00", "type": "redhatcve", "title": "CVE-2018-16227", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2023-09-07T21:06:27", "id": "RH:CVE-2018-16227", "href": "https://access.redhat.com/security/cve/cve-2018-16227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-11-28T02:27:40", "description": "The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-03T16:15:12", "type": "debiancve", "title": "CVE-2018-16227", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16227"], "modified": "2019-10-03T16:15:12", "id": "DEBIANCVE:CVE-2018-16227", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2023-02-08T16:58:23", "description": " * [CVE-2018-10103](<https://vulners.com/cve/CVE-2018-10103>)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\n\n * [CVE-2018-10105](<https://vulners.com/cve/CVE-2018-10105>)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).\n\n * [CVE-2018-14882](<https://vulners.com/cve/CVE-2018-14882>)\n\nThe ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.\n\n * [CVE-2019-15166](<https://vulners.com/cve/CVE-2019-15166>)\n\nlmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. \n\n * [CVE-2018-16230](<https://vulners.com/cve/CVE-2018-16230>)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).\n\n * [CVE-2018-16300](<https://vulners.com/cve/CVE-2018-16300>)\n\nThe BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.\n\n * [CVE-2018-14881](<https://vulners.com/cve/CVE-2018-14881>)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). \n\n * [CVE-2018-16229](<https://vulners.com/cve/CVE-2018-16229>)\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). \n\n * [CVE-2018-16228](<https://vulners.com/cve/CVE-2018-16228>)\n\nThe HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n\n * [CVE-2018-16227](<https://vulners.com/cve/CVE-2018-16227>)\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.\n\n * [CVE-2018-16451](<https://vulners.com/cve/CVE-2018-16451>)\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.\n\n * [CVE-2018-16452](<https://vulners.com/cve/CVE-2018-16452>)\n\nThe SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n\nImpact\n\nThese vulnerabilities can result in denial of service (DoS) or, potentially, execution of arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-11T16:50:00", "type": "f5", "title": "Multiple tcpdump vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-06-02T06:12:00", "id": "F5:K44551633", "href": "https://support.f5.com/csp/article/K44551633", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:03:35", "description": "CVE-2018-10103\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\n\nCVE-2018-10105 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).\n\nCVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.\n\nCVE-2019-15166 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n\nCVE-2018-16230 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).\n\nCVE-2018-16300 The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.\n\nCVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).\n\nCVE-2018-16229 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n\nCVE-2018-16228 The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n\nCVE-2018-16227 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.\n\nCVE-2018-16451 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.\n\nCVE-2018-16452 The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n\nImpact\n\nThese vulnerabilities can result in denial of service (DoS) or, potentially, execution of arbitrary code.", "cvss3": {}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Multiple tcpdump vulnerabilities (K44551633)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL44551633.NASL", "href": "https://www.tenable.com/plugins/nessus/138231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K44551633.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138231);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n\n script_name(english:\"F5 Networks BIG-IP : Multiple tcpdump vulnerabilities (K44551633)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CVE-2018-10103\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of\n2).\n\nCVE-2018-10105 tcpdump before 4.9.3 mishandles the printing of SMB\ndata (issue 2 of 2).\n\nCVE-2018-14882 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c.\n\nCVE-2019-15166 lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\nbefore 4.9.3 lacks certain bounds checks.\n\nCVE-2018-16230 The BGP parser in tcpdump before 4.9.3 has a buffer\nover-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).\n\nCVE-2018-16300 The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion.\n\nCVE-2018-14881 The BGP parser in tcpdump before 4.9.3 has a buffer\nover-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART).\n\nCVE-2018-16229 The DCCP parser in tcpdump before 4.9.3 has a buffer\nover-read in print-dccp.c:dccp_print_option().\n\nCVE-2018-16228 The HNCP parser in tcpdump before 4.9.3 has a buffer\nover-read in print-hncp.c:print_prefix().\n\nCVE-2018-16227 The IEEE 802.11 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-802_11.c for the Mesh Flags subfield.\n\nCVE-2018-16451 The SMB parser in tcpdump before 4.9.3 has buffer\nover-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and\n\\PIPE\\LANMAN.\n\nCVE-2018-16452 The SMB parser in tcpdump before 4.9.3 has stack\nexhaustion in smbutil.c:smb_fdata() via recursion.\n\nImpact\n\nThese vulnerabilities can result in denial of service (DoS) or,\npotentially, execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K44551633\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K44551633.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K44551633\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"15.0.0-15.1.2\",\"14.0.0-14.1.3\",\"13.1.0-13.1.4\",\"12.1.0-12.1.6\",\"11.5.2-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"16.0.0\",\"15.1.3\",\"14.1.3.1\",\"13.1.4.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:35:12", "description": "According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-16227", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452"], "modified": "2021-01-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2551.NASL", "href": "https://www.tenable.com/plugins/nessus/131825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131825);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/29\");\n\n script_cve_id(\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-16227\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2551)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before\n 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via\n recursion.(CVE-2018-16452)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2551\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6997f598\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14879\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.2-3.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:42", "description": "An update of the tcpdump package has been released.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Tcpdump PHSA-2019-2.0-0182", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0182_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/130118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0182. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130118);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Photon OS 2.0: Tcpdump PHSA-2019-2.0-0182\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-182.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"tcpdump-4.9.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"tcpdump-debuginfo-4.9.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:31:15", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Debian DSA-4547-1 : tcpdump - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4547.NASL", "href": "https://www.tenable.com/plugins/nessus/130135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4547. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130135);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_xref(name:\"DSA\", value:\"4547\");\n\n script_name(english:\"Debian DSA-4547-1 : tcpdump - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service or, potentially, execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4547\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tcpdump packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.9.3-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:58", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These security vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-14T00:00:00", "type": "nessus", "title": "Debian DLA-1955-1 : tcpdump security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1955.NASL", "href": "https://www.tenable.com/plugins/nessus/129828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1955-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n\n script_name(english:\"Debian DLA-1955-1 : tcpdump security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tcpdump\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T14:34:43", "description": "https://vulners.com/cve/CVE-2018-14467 https://vulners.com/cve/CVE-2018-14467 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash. The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 3 : tcpdump (IJ20785)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20785.NASL", "href": "https://www.tenable.com/plugins/nessus/132732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132732);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 3 : tcpdump (IJ20785)\");\n script_summary(english:\"Check for APAR IJ20785\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"01\", patch:\"IJ20785s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"02\", patch:\"IJ20785s2a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"03\", patch:\"IJ20785s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"04\", patch:\"IJ20785s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T14:34:43", "description": "https://vulners.com/cve/CVE-2018-14467 https://vulners.com/cve/CVE-2018-14467 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash. The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 4 : tcpdump (IJ20786)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20786.NASL", "href": "https://www.tenable.com/plugins/nessus/132733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132733);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 4 : tcpdump (IJ20786)\");\n script_summary(english:\"Check for APAR IJ20786\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"04\", sp:\"00\", patch:\"IJ20786s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.4.0\", maxfilesetver:\"7.2.4.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"04\", sp:\"01\", patch:\"IJ20786s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.4.0\", maxfilesetver:\"7.2.4.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T14:34:43", "description": "https://vulners.com/cve/CVE-2018-14467 https://vulners.com/cve/CVE-2018-14467 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash. The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 5 : tcpdump (IJ20783)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IJ20783.NASL", "href": "https://www.tenable.com/plugins/nessus/132730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132730);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.1 TL 5 : tcpdump (IJ20783)\");\n script_summary(english:\"Check for APAR IJ20783\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"05\", sp:\"03\", patch:\"IJ20783s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.5.0\", maxfilesetver:\"7.1.5.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"05\", sp:\"04\", patch:\"IJ20783s4a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.5.0\", maxfilesetver:\"7.1.5.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"05\", sp:\"05\", patch:\"IJ20783s5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.5.0\", maxfilesetver:\"7.1.5.32\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:33:57", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4760 advisory.\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print- lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : tcpdump (RLSA-2020:4760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:tcpdump", "p-cpe:/a:rocky:linux:tcpdump-debuginfo", "p-cpe:/a:rocky:linux:tcpdump-debugsource", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2020-4760.NASL", "href": "https://www.tenable.com/plugins/nessus/184759", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2020:4760.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184759);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n script_xref(name:\"RLSA\", value:\"2020:4760\");\n\n script_name(english:\"Rocky Linux 8 : tcpdump (RLSA-2020:4760)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2020:4760 advisory.\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP\n version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2020:4760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1760520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1804063\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump, tcpdump-debuginfo and / or tcpdump-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'},\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'},\n {'reference':'tcpdump-debuginfo-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'},\n {'reference':'tcpdump-debuginfo-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'},\n {'reference':'tcpdump-debugsource-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'},\n {'reference':'tcpdump-debugsource-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump / tcpdump-debuginfo / tcpdump-debugsource');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T14:59:49", "description": "According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2020-1437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/135566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135566);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2020-1437)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 1 of 2).(CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 2 of 2).(CVE-2018-10105)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp6.c.(CVE-2018-14882)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\n before 4.9.3 lacks certain bounds\n checks.(CVE-2019-15166)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before\n 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via\n recursion.(CVE-2018-16452)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-hncp.c:print_prefix().(CVE-2018-16228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1437\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7825f0c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.0-5.h179\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:24:24", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4760 advisory.\n\n - tcpdump: SMB data printing mishandled (CVE-2018-10103, CVE-2018-10105)\n\n - tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n - tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n - tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n - tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n - tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n - tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n - tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n - tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n - tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n - tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n - tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n - tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n - tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n - tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n - tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n - tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n - tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n - tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n - tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n - tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : tcpdump (RHSA-2020:4760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:tcpdump"], "id": "REDHAT-RHSA-2020-4760.NASL", "href": "https://www.tenable.com/plugins/nessus/142444", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4760. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142444);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4760\");\n\n script_name(english:\"RHEL 8 : tcpdump (RHSA-2020:4760)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4760 advisory.\n\n - tcpdump: SMB data printing mishandled (CVE-2018-10103, CVE-2018-10105)\n\n - tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n - tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n - tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n - tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n - tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n - tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n - tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n - tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n - tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n - tcpdump: Out of bounds read/write in in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n - tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n - tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n - tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n - tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n - tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n - tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n - tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n - tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n - tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n - tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760453\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760520\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 125, 400, 665);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tcpdump\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'tcpdump-4.9.3-1.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'tcpdump-4.9.3-1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'tcpdump-4.9.3-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:44", "description": "An update of the tcpdump package has been released.", "cvss3": {}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Tcpdump PHSA-2019-3.0-0034", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0034_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/130122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0034. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130122);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Photon OS 3.0: Tcpdump PHSA-2019-3.0-0034\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0034.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"tcpdump-4.9.3-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"tcpdump-debuginfo-4.9.3-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:02:05", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has tcpdump packages installed that are affected by multiple vulnerabilities:\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print- lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : tcpdump Multiple Vulnerabilities (NS-SA-2021-0082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0082_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/147275", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0082. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147275);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : tcpdump Multiple Vulnerabilities (NS-SA-2021-0082)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has tcpdump packages installed that are affected by multiple\nvulnerabilities:\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL tcpdump packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'tcpdump-4.9.3-1.el8',\n 'tcpdump-debuginfo-4.9.3-1.el8',\n 'tcpdump-debugsource-4.9.3-1.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:22:43", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4760 advisory.\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print- lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : tcpdump (ELSA-2020-4760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:tcpdump"], "id": "ORACLELINUX_ELSA-2020-4760.NASL", "href": "https://www.tenable.com/plugins/nessus/142765", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4760.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142765);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Oracle Linux 8 : tcpdump (ELSA-2020-4760)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4760 advisory.\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4760.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tcpdump\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'14'},\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'14'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T14:35:10", "description": "https://vulners.com/cve/CVE-2018-14467 https://vulners.com/cve/CVE-2018-14467 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash. The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 2 : tcpdump (IJ20784)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20784.NASL", "href": "https://www.tenable.com/plugins/nessus/132731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132731);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 2 : tcpdump (IJ20784)\");\n script_summary(english:\"Check for APAR IJ20784\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"02\", patch:\"IJ20784s2a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"03\", patch:\"IJ20784s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"04\", patch:\"IJ20784s4a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:31:20", "description": "New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 30 : 14:tcpdump (2019-d06bc63433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:14:tcpdump", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-D06BC63433.NASL", "href": "https://www.tenable.com/plugins/nessus/130321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-d06bc63433.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130321);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_xref(name:\"FEDORA\", value:\"2019-d06bc63433\");\n\n script_name(english:\"Fedora 30 : 14:tcpdump (2019-d06bc63433)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468,\nCVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461,\nCVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464,\nCVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105,\nCVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227,\nCVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,\nCVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167,\nCVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-d06bc63433\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 14:tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:14:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"tcpdump-4.9.3-1.fc30\", epoch:\"14\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"14:tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:30:57", "description": "New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "Fedora 31 : 14:tcpdump (2019-6db0d5b9d9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:14:tcpdump", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-6DB0D5B9D9.NASL", "href": "https://www.tenable.com/plugins/nessus/130370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-6db0d5b9d9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130370);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_xref(name:\"FEDORA\", value:\"2019-6db0d5b9d9\");\n\n script_name(english:\"Fedora 31 : 14:tcpdump (2019-6db0d5b9d9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468,\nCVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461,\nCVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464,\nCVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105,\nCVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227,\nCVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,\nCVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167,\nCVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6db0d5b9d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 14:tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:14:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"tcpdump-4.9.3-1.fc31\", epoch:\"14\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"14:tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:32:02", "description": "According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.Security Fix(es):tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808)The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144 64)The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)libpca p before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301)The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228)lmp_print_d ata_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is:\n May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: 'ND_PRINT((ndo, '%s', buf))', in function named 'print_prefix', in 'print-hncp.c'. The attack vector is: The victim must open a specially crafted pcap file.(CVE-2019-1010220)In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519)The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : tcpdump (EulerOS-SA-2019-2305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2305.NASL", "href": "https://www.tenable.com/plugins/nessus/131371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131371);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16808\",\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2018-19519\",\n \"CVE-2019-1010220\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : tcpdump (EulerOS-SA-2019-2305)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The tcpdump packages contain the tcpdump utility for\n monitoring network traffic. The tcpdump utility can\n capture and display the packet headers on a particular\n network interface or on all interfaces.Security\n Fix(es):tcpdump before 4.9.3 has a heap-based buffer\n over-read related to aoe_print in print-aoe.c and\n lookup_emem in addrtoname.c.(CVE-2017-16808)The FRF.16\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-fr.c:mfr_print().(CVE-2018-14468)The IKEv1\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)The\n Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)The Rx\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)The LDP parser in\n tcpdump before 4.9.3 has a buffer over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)The ICMP\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-icmp.c:icmp_print().(CVE-2018-14462)The RSVP\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)The\n BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)The LMP parser in\n tcpdump before 4.9.3 has a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-vrrp.c:vrrp_print().(CVE-2018-14463)The BGP\n parser in tcpdump before 4.9.3 has a buffer over-read\n in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)tcpdump before 4.9.3\n mishandles the printing of SMB data (issue 1 of\n 2).(CVE-2018-10103)tcpdump before 4.9.3 mishandles the\n printing of SMB data (issue 2 of 2).(CVE-2018-10105)The\n OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)The\n SMB parser in tcpdump before 4.9.3 has buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)The\n ICMPv6 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp6.c.(CVE-2018-14882)The IEEE\n 802.11 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)The DCCP parser in tcpdump\n before 4.9.3 has a buffer over-read in\n print-dccp.c:dccp_print_option().(CVE-2018-16229)libpca\n p before 1.9.1, as used in tcpdump before 4.9.3, has a\n buffer overflow and/or over-read because of errors in\n pcapng reading.(CVE-2018-16301)The BGP parser in\n tcpdump before 4.9.3 has a buffer over-read in\n print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)The SMB parser in\n tcpdump before 4.9.3 has stack exhaustion in\n smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)The\n BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)The HNCP parser in\n tcpdump before 4.9.3 has a buffer over-read in\n print-hncp.c:print_prefix().(CVE-2018-16228)lmp_print_d\n ata_link_subobjs() in print-lmp.c in tcpdump before\n 4.9.3 lacks certain bounds\n checks.(CVE-2019-15166)tcpdump.org tcpdump 4.9.2 is\n affected by: CWE-126: Buffer Over-read. The impact is:\n May expose Saved Frame Pointer, Return Address etc. on\n stack. The component is: line 234: 'ND_PRINT((ndo,\n '%s', buf))', in function named 'print_prefix', in\n 'print-hncp.c'. The attack vector is: The victim must\n open a specially crafted pcap file.(CVE-2019-1010220)In\n tcpdump 4.9.2, a stack-based buffer over-read exists in\n the print_prefix function of print-hncp.c via crafted\n packet data because of missing\n initialization.(CVE-2018-19519)The command-line\n argument parser in tcpdump before 4.9.3 has a buffer\n overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2305\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?18e70f62\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.3-1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:55", "description": "This update for tcpdump fixes the following issues :\n\nCVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n\nCVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\nCVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\nCVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n\nCVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n\nCVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n\nCVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\nCVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n\nCVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n\nCVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\nCVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n\nCVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n\nCVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n\nCVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n\nCVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n\nCVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\nCVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n\nCVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\nCVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n\nCVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n\nCVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n\nCVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n\nCVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\nCVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n\nCVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n\nCVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n\nCVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : tcpdump (SUSE-SU-2019:2674-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tcpdump", "p-cpe:/a:novell:suse_linux:tcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:tcpdump-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2674-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2674-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129966);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : tcpdump (SUSE-SU-2019:2674-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump fixes the following issues :\n\nCVE-2017-16808: Fixed a heap-based buffer over-read related to\naoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n\nCVE-2018-10103: Fixed a mishandling of the printing of SMB data\n(bsc#1153098).\n\nCVE-2018-10105: Fixed a mishandling of the printing of SMB data\n(bsc#1153098).\n\nCVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n(bsc#1153098).\n\nCVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n(bsc#1153098).\n\nCVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n(bsc#1153098).\n\nCVE-2018-14464: Fixed a buffer over-read in\nprint-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\nCVE-2018-14465: Fixed a buffer over-read in\nprint-rsvp.c:rsvp_obj_print (bsc#1153098).\n\nCVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n(bsc#1153098).\n\nCVE-2018-14467: Fixed a buffer over-read in\nprint-bgp.c:bgp_capabilities_print (bsc#1153098).\n\nCVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n(bsc#1153098).\n\nCVE-2018-14469: Fixed a buffer over-read in\nprint-isakmp.c:ikev1_n_print (bsc#1153098).\n\nCVE-2018-14470: Fixed a buffer over-read in\nprint-babel.c:babel_print_v2 (bsc#1153098).\n\nCVE-2018-14879: Fixed a buffer overflow in the command-line argument\nparser (bsc#1153098).\n\nCVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n(bsc#1153098).\n\nCVE-2018-14881: Fixed a buffer over-read in the BGP parser\n(bsc#1153098).\n\nCVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n(bsc#1153098).\n\nCVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\nprint-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\nCVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n(bsc#1153098).\n\nCVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n(bsc#1153098).\n\nCVE-2018-16230: Fixed a buffer over-read in the BGP parser in\nprint-bgp.c:bgp_attr_print (bsc#1153098).\n\nCVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\nallowed denial-of-service by stack consumption (bsc#1153098).\n\nCVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\nCVE-2018-16451: Fixed several buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n(bsc#1153098).\n\nCVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n(bsc#1153098).\n\nCVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n(bsc#1153098).\n\nCVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14461/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14462/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14464/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14465/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14466/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14467/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14468/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14469/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16228/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16229/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16230/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16300/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16452/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1010220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15167/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192674-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7524703\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2674=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2674=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"tcpdump-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"tcpdump-debuginfo-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"tcpdump-debugsource-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"tcpdump-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"tcpdump-debuginfo-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"tcpdump-debugsource-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"tcpdump-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"tcpdump-debuginfo-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"tcpdump-debugsource-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"tcpdump-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"tcpdump-debuginfo-4.9.2-3.9.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"tcpdump-debugsource-4.9.2-3.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:14:51", "description": "Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-28T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : tcpdump vulnerabilities (USN-4252-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:tcpdump", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4252-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133291);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2017-16808\",\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2018-19519\",\n \"CVE-2019-1010220\",\n \"CVE-2019-15166\",\n \"CVE-2019-15167\"\n );\n script_xref(name:\"USN\", value:\"4252-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : tcpdump vulnerabilities (USN-4252-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple security issues were discovered in tcpdump. A remote attacker\ncould use these issues to cause tcpdump to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4252-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'tcpdump', 'pkgver': '4.9.3-0ubuntu0.16.04.1'},\n {'osver': '18.04', 'pkgname': 'tcpdump', 'pkgver': '4.9.3-0ubuntu0.18.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:56", "description": "This update for tcpdump fixes the following issues :\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tcpdump (openSUSE-2019-2348)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tcpdump", "p-cpe:/a:novell:opensuse:tcpdump-debuginfo", "p-cpe:/a:novell:opensuse:tcpdump-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2348.NASL", "href": "https://www.tenable.com/plugins/nessus/130086", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2348.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130086);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"openSUSE Security Update : tcpdump (openSUSE-2019-2348)\");\n script_summary(english:\"Check for the openSUSE-2019-2348 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump fixes the following issues :\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read\n related to aoe_print and lookup_emem (bsc#1068716\n bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of\n SMB data (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of\n SMB data (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in\n print-ldp.c:ldp_tlv_print (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in\n print-icmp.c:icmp_print (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in\n print-vrrp.c:vrrp_print (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in\n print-rsvp.c:rsvp_obj_print (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in\n print-rx.c:rx_cache_find (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in\n print-fr.c:mfr_print (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in\n print-isakmp.c:ikev1_n_print (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in\n print-babel.c:babel_print_v2 (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the\n command-line argument parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3\n parser (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP\n parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6\n parser (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE\n 802.11 parser in print-802_11.c for the Mesh Flags\n subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP\n parser (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP\n parser (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP\n parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP\n parser that allowed denial-of-service by stack\n consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332\n bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and\n \\PIPE\\LANMAN (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in\n smbutil.c:smb_fdata (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in\n lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP\n (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tcpdump-4.9.2-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tcpdump-debuginfo-4.9.2-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"tcpdump-debugsource-4.9.2-lp151.4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / tcpdump-debuginfo / tcpdump-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:26:50", "description": "This update for tcpdump fixes the following issues :\n\nCVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate the right buffer size (bsc#1178466).\n\nThe previous update of tcpdump already fixed variuous Buffer overflow/overread vulnerabilities [bsc#1153098, bsc#1153332]\n\nCVE-2017-16808 (AoE)\n\nCVE-2018-14468 (FrameRelay)\n\nCVE-2018-14469 (IKEv1)\n\nCVE-2018-14470 (BABEL)\n\nCVE-2018-14466 (AFS/RX)\n\nCVE-2018-14461 (LDP)\n\nCVE-2018-14462 (ICMP)\n\nCVE-2018-14465 (RSVP)\n\nCVE-2018-14464 (LMP)\n\nCVE-2019-15166 (LMP)\n\nCVE-2018-14880 (OSPF6)\n\nCVE-2018-14882 (RPL)\n\nCVE-2018-16227 (802.11)\n\nCVE-2018-16229 (DCCP)\n\nCVE-2018-14467 (BGP)\n\nCVE-2018-14881 (BGP)\n\nCVE-2018-16230 (BGP)\n\nCVE-2018-16300 (BGP)\n\nCVE-2018-14463 (VRRP)\n\nCVE-2019-15167 (VRRP)\n\nCVE-2018-14879 (tcpdump -V)\n\nCVE-2018-16228 (HNCP) is a duplicate of the already fixed CVE-2019-1010220\n\nCVE-2018-16301 (fixed in libpcap)\n\nCVE-2018-16451 (SMB)\n\nCVE-2018-16452 (SMB)\n\nCVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)\n\nCVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : tcpdump (SUSE-SU-2020:3360-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167", "CVE-2020-8037"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tcpdump", "p-cpe:/a:novell:suse_linux:tcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:tcpdump-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3360-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3360-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143787);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2020-8037\");\n\n script_name(english:\"SUSE SLES12 Security Update : tcpdump (SUSE-SU-2020:3360-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for tcpdump fixes the following issues :\n\nCVE-2020-8037: Fixed an issue where PPP decapsulator did not allocate\nthe right buffer size (bsc#1178466).\n\nThe previous update of tcpdump already fixed variuous Buffer\noverflow/overread vulnerabilities [bsc#1153098, bsc#1153332]\n\nCVE-2017-16808 (AoE)\n\nCVE-2018-14468 (FrameRelay)\n\nCVE-2018-14469 (IKEv1)\n\nCVE-2018-14470 (BABEL)\n\nCVE-2018-14466 (AFS/RX)\n\nCVE-2018-14461 (LDP)\n\nCVE-2018-14462 (ICMP)\n\nCVE-2018-14465 (RSVP)\n\nCVE-2018-14464 (LMP)\n\nCVE-2019-15166 (LMP)\n\nCVE-2018-14880 (OSPF6)\n\nCVE-2018-14882 (RPL)\n\nCVE-2018-16227 (802.11)\n\nCVE-2018-16229 (DCCP)\n\nCVE-2018-14467 (BGP)\n\nCVE-2018-14881 (BGP)\n\nCVE-2018-16230 (BGP)\n\nCVE-2018-16300 (BGP)\n\nCVE-2018-14463 (VRRP)\n\nCVE-2019-15167 (VRRP)\n\nCVE-2018-14879 (tcpdump -V)\n\nCVE-2018-16228 (HNCP) is a duplicate of the already fixed\nCVE-2019-1010220\n\nCVE-2018-16301 (fixed in libpcap)\n\nCVE-2018-16451 (SMB)\n\nCVE-2018-16452 (SMB)\n\nCVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)\n\nCVE-2018-10105 (SMB - too unreliably reproduced, SMB printing\ndisabled)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14461/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14462/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14463/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14464/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14465/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14466/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14467/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14468/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14469/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16228/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16229/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16230/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16300/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16301/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16451/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16452/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1010220/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8037/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203360-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c916938\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3360=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"tcpdump-4.9.2-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"tcpdump-debuginfo-4.9.2-14.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"tcpdump-debugsource-4.9.2-14.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:29:43", "description": "New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 29 : 14:tcpdump (2019-85d92df70f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:14:tcpdump", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-85D92DF70F.NASL", "href": "https://www.tenable.com/plugins/nessus/130308", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-85d92df70f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130308);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_xref(name:\"FEDORA\", value:\"2019-85d92df70f\");\n\n script_name(english:\"Fedora 29 : 14:tcpdump (2019-85d92df70f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468,\nCVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461,\nCVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464,\nCVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105,\nCVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227,\nCVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452,\nCVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167,\nCVE-2017-16808, CVE-2018-14882, CVE-2018-19519\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-85d92df70f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 14:tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:14:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"tcpdump-4.9.3-1.fc29\", epoch:\"14\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"14:tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:30:57", "description": "New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2019-274-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:libpcap", "p-cpe:/a:slackware:slackware_linux:tcpdump", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-274-01.NASL", "href": "https://www.tenable.com/plugins/nessus/129521", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-274-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129521);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_xref(name:\"SSA\", value:\"2019-274-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2019-274-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libpcap and tcpdump packages are available for Slackware 14.0,\n14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.682249\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d84ca7a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpcap and / or tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libpcap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libpcap\", pkgver:\"1.9.0\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"tcpdump\", pkgver:\"4.9.2\", pkgarch:\"i586\", pkgnum:\"3\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libpcap\", pkgver:\"1.9.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"tcpdump\", pkgver:\"4.9.3\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:54:45", "description": "According to the versions of the tcpdump package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126:\n Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: 'ND_PRINT((ndo, '%s', buf))', in function named 'print_prefix', in 'print-hncp.c'. The attack vector is: The victim must open a specially crafted pcap file.(CVE-2019-1010220)\n\n - In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519)\n\n - This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-15167)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\n - libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144 64)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : tcpdump (EulerOS-SA-2020-1072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1072.NASL", "href": "https://www.tenable.com/plugins/nessus/132826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132826);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16808\",\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2018-19519\",\n \"CVE-2019-1010220\",\n \"CVE-2019-15166\",\n \"CVE-2019-15167\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : tcpdump (EulerOS-SA-2020-1072)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126:\n Buffer Over-read. The impact is: May expose Saved Frame\n Pointer, Return Address etc. on stack. The component\n is: line 234: 'ND_PRINT((ndo, '%s', buf))', in function\n named 'print_prefix', in 'print-hncp.c'. The attack\n vector is: The victim must open a specially crafted\n pcap file.(CVE-2019-1010220)\n\n - In tcpdump 4.9.2, a stack-based buffer over-read exists\n in the print_prefix function of print-hncp.c via\n crafted packet data because of missing\n initialization.(CVE-2018-19519)\n\n - This candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2019-15167)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\n before 4.9.3 lacks certain bounds\n checks.(CVE-2019-15166)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-hncp.c:print_prefix().(CVE-2018-16228)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via\n recursion.(CVE-2018-16452)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)\n\n - libpcap before 1.9.1, as used in tcpdump before 4.9.3,\n has a buffer overflow and/or over-read because of\n errors in pcapng reading.(CVE-2018-16301)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp6.c.(CVE-2018-14882)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 2 of 2).(CVE-2018-10105)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 1 of 2).(CVE-2018-10103)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - tcpdump 4.9.2 has a heap-based buffer over-read related\n to aoe_print in print-aoe.c and lookup_emem in\n addrtoname.c.(CVE-2017-16808)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1072\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0378180a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.3-1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T15:31:14", "description": "This update for tcpdump fixes the following issues :\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2 (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tcpdump (openSUSE-2019-2344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tcpdump", "p-cpe:/a:novell:opensuse:tcpdump-debuginfo", "p-cpe:/a:novell:opensuse:tcpdump-debugsource", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2344.NASL", "href": "https://www.tenable.com/plugins/nessus/130083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2344.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130083);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"openSUSE Security Update : tcpdump (openSUSE-2019-2344)\");\n script_summary(english:\"Check for the openSUSE-2019-2344 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump fixes the following issues :\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read\n related to aoe_print and lookup_emem (bsc#1068716\n bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of\n SMB data (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of\n SMB data (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in\n print-ldp.c:ldp_tlv_print (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in\n print-icmp.c:icmp_print (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in\n print-vrrp.c:vrrp_print (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in\n print-rsvp.c:rsvp_obj_print (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in\n print-rx.c:rx_cache_find (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in\n print-fr.c:mfr_print (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in\n print-isakmp.c:ikev1_n_print (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in\n print-babel.c:babel_print_v2 (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the\n command-line argument parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3\n parser (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP\n parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6\n parser (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE\n 802.11 parser in print-802_11.c for the Mesh Flags\n subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP\n parser (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP\n parser (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP\n parser in print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP\n parser that allowed denial-of-service by stack\n consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332\n bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and\n \\PIPE\\LANMAN (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in\n smbutil.c:smb_fdata (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in\n lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP\n (bsc#1153098).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1068716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tcpdump-4.9.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tcpdump-debuginfo-4.9.2-lp150.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"tcpdump-debugsource-4.9.2-lp150.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / tcpdump-debuginfo / tcpdump-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:39:37", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2019-007, 10.14.x prior to 10.14.6 Security Update 2019-002, or 10.15.x prior to 10.15.2. It is, therefore, affected by multiple vulnerabilities :\n\n - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.\n (CVE-2012-1164)\n\n - libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. (CVE-2012-2668)\n\n - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. (CVE-2013-4449)\n\n - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (CVE-2015-1545)\n\n - tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. (CVE-2017-16808)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().\n (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over- read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().\n (CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)\n\n - libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading. (CVE-2018-16301)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over- reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) (CVE-2019-13057)\n\n - An issue was discovered in OpenLDAP 2.x before 2.4.48.\n When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. (CVE-2019-13565)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable.\n This may open up an attack vector involving extra data at the end of a request. (CVE-2019-15161)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. (CVE-2019-15162)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.\n (CVE-2019-15163)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.\n (CVE-2019-15164)\n\n - sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.\n (CVE-2019-15165)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\n - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.\n (CVE-2019-15903)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1164", "CVE-2012-2668", "CVE-2013-4449", "CVE-2015-1545", "CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15167", "CVE-2019-15903", "CVE-2019-8828", "CVE-2019-8830", "CVE-2019-8832", "CVE-2019-8833", "CVE-2019-8837", "CVE-2019-8838", "CVE-2019-8839", "CVE-2019-8842", "CVE-2019-8847", "CVE-2019-8848", "CVE-2019-8852", "CVE-2019-8853", "CVE-2019-8856"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT210788.NASL", "href": "https://www.tenable.com/plugins/nessus/131957", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131957);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2012-1164\",\n \"CVE-2012-2668\",\n \"CVE-2013-4449\",\n \"CVE-2015-1545\",\n \"CVE-2017-16808\",\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-8828\",\n \"CVE-2019-8830\",\n \"CVE-2019-8832\",\n \"CVE-2019-8833\",\n \"CVE-2019-8837\",\n \"CVE-2019-8838\",\n \"CVE-2019-8839\",\n \"CVE-2019-8842\",\n \"CVE-2019-8847\",\n \"CVE-2019-8848\",\n \"CVE-2019-8852\",\n \"CVE-2019-8853\",\n \"CVE-2019-8856\",\n \"CVE-2019-13057\",\n \"CVE-2019-13565\",\n \"CVE-2019-15161\",\n \"CVE-2019-15162\",\n \"CVE-2019-15163\",\n \"CVE-2019-15164\",\n \"CVE-2019-15165\",\n \"CVE-2019-15166\",\n \"CVE-2019-15167\",\n \"CVE-2019-15903\"\n );\n script_bugtraq_id(\n 52404,\n 53823,\n 63190,\n 72519\n );\n script_xref(name:\"APPLE-SA\", value:\"HT210788\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2019-12-06\");\n\n script_name(english:\"macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.13.x prior\nto 10.13.6 Security Update 2019-007, 10.14.x prior to 10.14.6 Security Update\n2019-002, or 10.15.x prior to 10.15.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - slapd in OpenLDAP before 2.4.30 allows remote attackers\n to cause a denial of service (assertion failure and\n daemon exit) via an LDAP search query with attrsOnly set\n to true, which causes empty attributes to be returned.\n (CVE-2012-1164)\n\n - libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31\n and earlier, when using the Mozilla NSS backend, always\n uses the default cipher suite even when TLSCipherSuite\n is set, which might cause OpenLDAP to use weaker ciphers\n than intended and make it easier for remote attackers to\n obtain sensitive information. (CVE-2012-2668)\n\n - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier\n does not properly count references, which allows remote\n attackers to cause a denial of service (slapd crash) by\n unbinding immediately after a search request, which\n triggers rwm_conn_destroy to free the session context\n while it is being used by rwm_op_search. (CVE-2013-4449)\n\n - The deref_parseCtrl function in\n servers/slapd/overlays/deref.c in OpenLDAP 2.4.13\n through 2.4.40 allows remote attackers to cause a denial\n of service (NULL pointer dereference and crash) via an\n empty attribute list in a deref control in a search\n request. (CVE-2015-1545)\n\n - tcpdump before 4.9.3 has a heap-based buffer over-read\n related to aoe_print in print-aoe.c and lookup_emem in\n addrtoname.c. (CVE-2017-16808)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data\n (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data\n (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp.c:icmp_print(). (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print(). (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-lmp.c:lmp_print_data_link_subobjs().\n (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-\n read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-fr.c:mfr_print(). (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before 4.9.3\n has a buffer overflow in tcpdump.c:get_next_file().\n (CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - libpcap before 1.9.1, as used in tcpdump before 4.9.3,\n has a buffer overflow and/or over-read because of errors\n in pcapng reading. (CVE-2018-16301)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-\n reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE\n and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - An issue was discovered in the server in OpenLDAP before\n 2.4.48. When the server administrator delegates rootDN\n (database admin) privileges for certain databases but\n wants to maintain isolation (e.g., for multi-tenant\n deployments), slapd does not properly stop a rootDN from\n requesting authorization as an identity from another\n database during a SASL bind or with a proxyAuthz (RFC\n 4370) control. (It is not a common configuration to\n deploy a system where the server administrator and a DB\n administrator enjoy different levels of trust.)\n (CVE-2019-13057)\n\n - An issue was discovered in OpenLDAP 2.x before 2.4.48.\n When using SASL authentication and session encryption,\n and relying on the SASL security layers in slapd access\n controls, it is possible to obtain access that would\n otherwise be denied via a simple bind for any identity\n covered in those ACLs. After the first SASL bind is\n completed, the sasl_ssf value is retained for all new\n non-SASL connections. Depending on the ACL\n configuration, this can affect different types of\n operations (searches, modifications, etc.). In other\n words, a successful authorization step completed by one\n user affects the authorization requirement for a\n different user. (CVE-2019-13565)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 mishandles\n certain length values because of reuse of a variable.\n This may open up an attack vector involving extra data\n at the end of a request. (CVE-2019-15161)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows\n platforms provides details about why authentication\n failed, which might make it easier for attackers to\n enumerate valid usernames. (CVE-2019-15162)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 allows attackers\n to cause a denial of service (NULL pointer dereference\n and daemon crash) if a crypt() call fails.\n (CVE-2019-15163)\n\n - rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF\n because a URL may be provided as a capture source.\n (CVE-2019-15164)\n\n - sf-pcapng.c in libpcap before 1.9.1 does not properly\n validate the PHB header length before allocating memory.\n (CVE-2019-15165)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\n before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\n - In libexpat before 2.2.8, crafted XML input could fool\n the parser into changing from DTD parsing to document\n parsing too early; a consecutive call to\n XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber)\n then resulted in a heap-based buffer over-read.\n (CVE-2019-15903)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT210788\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007 or\nlater\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8852\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude('lists.inc');\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'min_version' : '10.15', 'fixed_version' : '10.15.2' },\n { 'min_version' : '10.13', 'max_version' : '10.13.6', 'fixed_build': '17G10021', 'fixed_display' : '10.13.6 Security Update 2019-007' },\n { 'min_version' : '10.14', 'max_version' : '10.14.6', 'fixed_build': '18G2022', 'fixed_display' : '10.14.6 Security Update 2019-002' }\n];\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-27T18:35:32", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2019-2551)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-14467", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192551", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2551\");\n script_version(\"2020-01-23T13:05:14+0000\");\n script_cve_id(\"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:05:14 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:05:14 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2019-2551)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2551\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2551\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2019-2551 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\nThe ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\nThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\nThe LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-14464)\n\nThe RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\nThe Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\nThe IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\nThe Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\nThe command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\nThe OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\nThe BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\nThe SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.2~3.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-21T14:51:20", "description": "tcpdump is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "openvas", "title": "tcpdump < 4.9.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-14467", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-01-21T00:00:00", "id": "OPENVAS:1361412562310113543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113543", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113543\");\n script_version(\"2020-01-21T07:42:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-21 07:42:39 +0000 (Tue, 21 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-21 15:35:17 +0000 (Mon, 21 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n\n script_name(\"tcpdump < 4.9.3 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_tcpdump_ssh_detect.nasl\");\n script_mandatory_keys(\"tcpdump/detected\");\n\n script_tag(name:\"summary\", value:\"tcpdump is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There are buffer over-read vulnerabilities in the following modules:\n\n print-ldp.c:ldp_tlv_print(), print_icmp.c:icmp_print(), print_vrrp.c:vrrp_print(),\n print_lmp.c:lmp_print_data_link_subobjs(), print_rsvp.c:rsvp_obj_print(),\n print-rx.c:rx_cache_find(), print-rx.c:rx_cache_insert(),\n print-bgp.c:bgp_capabilities_print(), print-fr.c:mfr_print(), print-isakkmp.c:ikev1_n_print(),\n print_babel.c:babel_print_v2(), print-ospf6.c:ospf6_print_lshdr(), print-icmp6.c,\n print-802_11.c, print-hncp.c:print_prefix(), print-dccp.c:dccp_print_option(),\n print_bgp.c:bgp_attr_print(), print-smb.c:print_trans()\n\n There is a buffer overflow vulnerability in tcpdump.c:get_next_file().\n\n There is a stack consumption vulnerability in print-bgp.c:bgp_attr_print().\n\n There is a stack exhaustion vulnerability in smbutil.c:smb_fdata().\n\n print_lmp.c:lmp_print_data_link_subobjs() lacks bounds checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to read sensitive information\n or execute arbitrary code on the target machine.\");\n\n script_tag(name:\"affected\", value:\"tcpdump through version 4.9.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.3.\");\n\n script_xref(name:\"URL\", value:\"https://www.tcpdump.org/tcpdump-changes.txt\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:tcpdump:tcpdump\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE ) ) exit( 0 );\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"4.9.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.9.3\", install_path: location );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:27:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tcpdump (DLA-1955-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891955", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891955\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:00:27 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for tcpdump (DLA-1955-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1955-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/941698\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the DLA-1955-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T17:01:49", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-16T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201437", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1437\");\n script_version(\"2020-04-16T05:52:58+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:52:58 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:52:58 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1437)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1437\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1437\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2020-1437 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\n\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\n\n\nThe FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n\n\nThe ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\n\n\nlmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)\n\n\n\nThe LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n\n\nThe ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n\n\nThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n\n\nThe LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-14464)\n\n\n\nThe RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n\n\nThe Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n\n\nThe IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n\n\nThe Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n\n\nThe command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\n\n\nThe OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\n\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\n\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROW ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h179\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-23T14:51:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4547-1 (tcpdump - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310704547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704547", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704547\");\n script_version(\"2019-10-23T02:00:33+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 02:00:33 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 02:00:33 +0000 (Wed, 23 Oct 2019)\");\n script_name(\"Debian Security Advisory DSA 4547-1 (tcpdump - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4547.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4547-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the DSA-4547-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial of\nservice or, potentially, execution of arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.9.3-1~deb10u1.\n\nWe recommend that you upgrade your tcpdump packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-30T00:00:00", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-d06bc63433", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876949", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876949\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-30 03:35:05 +0000 (Wed, 30 Oct 2019)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-d06bc63433\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d06bc63433\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the FEDORA-2019-d06bc63433 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2019-2305)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192305", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192305", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2305\");\n script_version(\"2020-01-23T12:45:59+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2019-2305)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2305\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2305\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2019-2305 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.(CVE-2017-16808)\n\nThe FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\nThe IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\nThe Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\nThe Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\nThe LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\nThe ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\nThe RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\nThe LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-14464)\n\nThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\nThe OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\nThe ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\nlibpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\nThe SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(C ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-6db0d5b9d9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877172", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877172\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:10 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-6db0d5b9d9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6db0d5b9d9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the FEDORA-2019-6db0d5b9d9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:30:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2348-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852829", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852829\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\",\n \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\",\n \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\",\n \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\",\n \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\",\n \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\",\n \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:33:43 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2348-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2348-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the openSUSE-SU-2019:2348-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was importe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debugsource\", rpm:\"tcpdump-debugsource~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2344-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852744", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852744\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-21 02:00:39 +0000 (Mon, 21 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2344-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2344-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the openSUSE-SU-2019:2344-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was importe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debugsource\", rpm:\"tcpdump-debugsource~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-26T00:00:00", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-85d92df70f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876932", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876932\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:03 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-85d92df70f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-85d92df70f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the FEDORA-2019-85d92df70f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:03", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201072", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201072", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1072\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:58 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1072)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1072\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1072\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2020-1072 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234:'ND_PRINT((ndo, '%s', buf)), ', in function named 'print_prefix', in 'print-hncp.c'. The attack vector is: The victim must open a specially crafted pcap file.(CVE-2019-1010220)\n\nIn tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519)\n\nThis candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-15167)\n\nlmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)\n\nThe HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228)\n\nThe BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\nThe SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\nlibpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301)\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\nThe ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\nThe OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\nThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\nThe LMP parser in tcpdump before 4.9.3 has a ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T18:43:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-28T00:00:00", "type": "openvas", "title": "Ubuntu: Security Advisory for tcpdump (USN-4252-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-28T00:00:00", "id": "OPENVAS:1361412562310844311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844311", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844311\");\n script_version(\"2020-01-28T10:45:23+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 10:45:23 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-28 04:00:26 +0000 (Tue, 28 Jan 2020)\");\n script_name(\"Ubuntu: Security Advisory for tcpdump (USN-4252-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4252-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005292.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the USN-4252-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in tcpdump. A remote attacker\ncould use these issues to cause tcpdump to crash, resulting in a denial of\nservice, or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T16:57:41", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-12-12T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT210788)-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2019-15161", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2019-15165", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2019-15162", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15163", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881", "CVE-2019-15164"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310815874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815874", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815874\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\",\n \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\",\n \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\",\n \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\",\n \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\",\n \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\",\n \"CVE-2018-16452\", \"CVE-2019-15161\", \"CVE-2019-15162\", \"CVE-2019-15163\",\n \"CVE-2019-15164\", \"CVE-2019-15165\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-12 11:00:05 +0530 (Thu, 12 Dec 2019)\");\n script_name(\"Apple MacOSX Security Updates(HT210788)-01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A validation issue related to improper input sanitization.\n\n - An API issue existed in the handling of outgoing phone calls initiated with\n Siri.\n\n - An issue existed related to improper checks.\n\n - A buffer overflow issue related to improper bounds checking.\n\n - An out-of-bounds read error related to improper input validation.\n\n - An issue existed in the parsing of crafted XML file.\n\n - Multiple issues in OpenLDAP.\n\n - Multiple issues in tcpdump.\n\n - Multiple memory corruption issues related to improper memory handling.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n read restricted memory, execute arbitrary code, conduct denial of service\n attack and disclosure of user information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.15.x prior to 10.15.2.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.15.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT210788\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"ssh_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.15\" || \"Mac OS X\" >!< osName)\n exit(0);\n\nif(version_is_less(version:osVer, test_version:\"10.15.2\")) {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.15.2\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:18:09", "description": "\nSeveral vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n4.9.3-1~deb8u1.\n\n\nWe recommend that you upgrade your tcpdump packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-11T00:00:00", "type": "osv", "title": "tcpdump - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2022-07-21T05:52:51", "id": "OSV:DLA-1955-1", "href": "https://osv.dev/vulnerability/DLA-1955-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-11-28T10:48:53", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4547-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 21, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tcpdump\nCVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 \n CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 \n CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 \n CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166\n\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial of\nservice or, potentially, execution of arbitrary code.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.9.3-1~deb10u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFor the detailed security status of tcpdump please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tcpdump\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-21T21:26:24", "type": "debian", "title": "[SECURITY] [DSA 4547-1] tcpdump security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-10-21T21:26:24", "id": "DEBIAN:DSA-4547-1:D6E02", "href": "https://lists.debian.org/debian-security-announce/2019/msg00199.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:09:19", "description": "Package : tcpdump\nVersion : 4.9.3-1~deb8u1\nCVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461\n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464\n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467\n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470\n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881\n CVE-2018-14882 CVE-2018-16227 CVE-2018-16228\n CVE-2018-16229 CVE-2018-16230 CVE-2018-16300\n CVE-2018-16451 CVE-2018-16452 CVE-2019-15166\nDebian Bug : 941698\n\nSeveral vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-11T20:27:37", "type": "debian", "title": "[SECURITY] [DLA 1955-1] tcpdump security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-10-11T20:27:37", "id": "DEBIAN:DLA-1955-1:52801", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-24T15:41:05", "description": "Package : tcpdump\nVersion : 4.9.3-1~deb8u1\nCVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461\n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464\n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467\n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470\n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881\n CVE-2018-14882 CVE-2018-16227 CVE-2018-16228\n CVE-2018-16229 CVE-2018-16230 CVE-2018-16300\n CVE-2018-16451 CVE-2018-16452 CVE-2019-15166\nDebian Bug : 941698\n\nSeveral vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-11T20:27:37", "type": "debian", "title": "[SECURITY] [DLA 1955-1] tcpdump security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2019-10-11T20:27:37", "id": "DEBIAN:DLA-1955-1:22EE5", "href": "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:29", "description": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T12:33:49", "type": "almalinux", "title": "Moderate: tcpdump security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2020:4760", "href": "https://errata.almalinux.org/8/ALSA-2020-4760.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-11-28T06:41:04", "description": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-11-03T12:33:49", "type": "redhat", "title": "(RHSA-2020:4760) Moderate: tcpdump security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2020-11-04T00:05:56", "id": "RHSA-2020:4760", "href": "https://access.redhat.com/errata/RHSA-2020:4760", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T06:41:04", "description": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous security fixes, bug fixes, and enhancements. \n\nSecurity Fix(es):\n\n* nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)\n\n* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-12-17T05:33:21", "type": "redhat", "title": "(RHSA-2020:5605) Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-18197", "CVE-2019-18609", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-25660", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7720", "CVE-2020-8177", "CVE-2020-8237", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "modified": "2020-12-17T05:36:03", "id": "RHSA-2020:5605", "href": "https://access.redhat.com/errata/RHSA-2020:5605", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T06:40:56", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n==============\nkubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-10T08:47:39", "type": "redhat", "title": "(RHSA-2021:0799) Moderate: OpenShift Virtualization 2.6.0 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14559", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-18197", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-12321", "CVE-2020-12400", "CVE-2020-12403", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-15999", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24659", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25705", "CVE-2020-26160", "CVE-2020-27813", "CVE-2020-28362", "CVE-2020-29652", "CVE-2020-29661", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-6829", "CVE-2020-7595", "CVE-2020-8492", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-9283", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-20206", "CVE-2021-3121", "CVE-2021-3156"], "modified": "2021-03-10T08:48:38", "id": "RHSA-2021:0799", "href": "https://access.redhat.com/errata/RHSA-2021:0799", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-11-28T06:40:56", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.\n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs (CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-02-24T14:49:26", "type": "redhat", "title": "(RHSA-2020:5633) Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14553", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-12614", "CVE-2019-13050", "CVE-2019-13225", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15903", "CVE-2019-15917", "CVE-2019-15925", "CVE-2019-16167", "CVE-2019-16168", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-16935", "CVE-2019-17450", "CVE-2019-17546", "CVE-2019-18197", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19056", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19068", "CVE-2019-19072", "CVE-2019-19221", "CVE-2019-19319", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19524", "CVE-2019-19533", "CVE-2019-19537", "CVE-2019-19543", "CVE-2019-19602", "CVE-2019-19767", "CVE-2019-19770", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20054", "CVE-2019-20218", "CVE-2019-20386", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20636", "CVE-2019-20807", "CVE-2019-20812", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-3884", "CVE-2019-5018", "CVE-2019-6977", "CVE-2019-6978", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9455", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0444", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-10732", "CVE-2020-10749", "CVE-2020-10751", "CVE-2020-10763", "CVE-2020-10773", "CVE-2020-10774", "CVE-2020-10942", "CVE-2020-11565", "CVE-2020-11668", "CVE-2020-11793", "CVE-2020-12465", "CVE-2020-12655", "CVE-2020-12659", "CVE-2020-12770", "CVE-2020-12826", "CVE-2020-13249", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14381", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15157", "CVE-2020-15503", "CVE-2020-15862", "CVE-2020-15999", "CVE-2020-16166", "CVE-2020-1716", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-1971", "CVE-2020-24490", "CVE-2020-24659", "CVE-2020-25211", "CVE-2020-25641", "CVE-2020-25658", "CVE-2020-25661", "CVE-2020-25662", "CVE-2020-25681", "CVE-2020-25682", "CVE-2020-25683", "CVE-2020-25684", "CVE-2020-25685", "CVE-2020-25686", "CVE-2020-25687", "CVE-2020-25694", "CVE-2020-25696", "CVE-2020-2574", "CVE-2020-26160", "CVE-2020-2752", "CVE-2020-27813", "CVE-2020-27846", "CVE-2020-28362", "CVE-2020-2922", "CVE-2020-29652", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3898", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7774", "CVE-2020-8177", "CVE-2020-8492", "CVE-2020-8563", "CVE-2020-8566", "CVE-2020-8619", "CVE-2020-8622", "CVE-2020-8623", "CVE-2020-8624", "CVE-2020-8647", "CVE-2020-8648", "CVE-2020-8649", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2021-2007", "CVE-2021-26539", "CVE-2021-3121"], "modified": "2021-03-02T01:56:45", "id": "RHSA-2020:5633", "href": "https://access.redhat.com/errata/RHSA-2020:5633", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-24T01:36:42", "description": "## Summary\n\nThere are vulnerabilities in tcpdump that affect AIX.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-16451](<https://vulners.com/cve/CVE-2018-16451>) \n**DESCRIPTION: **The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168301](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168301>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2018-16452](<https://vulners.com/cve/CVE-2018-16452>) \n**DESCRIPTION: **The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168300](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168300>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-16230](<https://vulners.com/cve/CVE-2018-16230>) \n**DESCRIPTION: **The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2019-15166](<https://vulners.com/cve/CVE-2019-15166>) \n**DESCRIPTION: **lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168299](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168299>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14879](<https://vulners.com/cve/CVE-2018-14879>) \n**DESCRIPTION: **The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\n \n**CVEID: **[CVE-2018-16228](<https://vulners.com/cve/CVE-2018-16228>) \n**DESCRIPTION: **The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168309](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168309>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-16229](<https://vulners.com/cve/CVE-2018-16229>) \n**DESCRIPTION: **The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168308](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168308>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-16227](<https://vulners.com/cve/CVE-2018-16227>) \n**DESCRIPTION: **The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-16300](<https://vulners.com/cve/CVE-2018-16300>) \n**DESCRIPTION: **The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168306](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168306>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14882](<https://vulners.com/cve/CVE-2018-14882>) \n**DESCRIPTION: **The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14470](<https://vulners.com/cve/CVE-2018-14470>) \n**DESCRIPTION: **The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168314](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168314>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-10105](<https://vulners.com/cve/CVE-2018-10105>) \n**DESCRIPTION: **tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168321](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168321>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-14461](<https://vulners.com/cve/CVE-2018-14461>) \n**DESCRIPTION: **The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168320](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168320>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-10103](<https://vulners.com/cve/CVE-2018-10103>) \n**DESCRIPTION: **tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-15167](<https://vulners.com/cve/CVE-2019-15167>) \n**DESCRIPTION: **Tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c. By sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168671](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168671>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14466](<https://vulners.com/cve/CVE-2018-14466>) \n**DESCRIPTION: **The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14469](<https://vulners.com/cve/CVE-2018-14469>) \n**DESCRIPTION: **The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168315](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168315>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14468](<https://vulners.com/cve/CVE-2018-14468>) \n**DESCRIPTION: **The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168316](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168316>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14881](<https://vulners.com/cve/CVE-2018-14881>) \n**DESCRIPTION: **The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168312>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14462](<https://vulners.com/cve/CVE-2018-14462>) \n**DESCRIPTION: **The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168319>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14880](<https://vulners.com/cve/CVE-2018-14880>) \n**DESCRIPTION: **The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14465](<https://vulners.com/cve/CVE-2018-14465>) \n**DESCRIPTION: **The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168318](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168318>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14467](<https://vulners.com/cve/CVE-2018-14467>) \n**DESCRIPTION: **The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID: **[CVE-2018-14463](<https://vulners.com/cve/CVE-2018-14463>) \n**DESCRIPTION: **The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169827](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169827>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-14464](<https://vulners.com/cve/CVE-2018-14464>) \n**DESCRIPTION: **The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID: **[CVE-2017-16808](<https://vulners.com/cve/CVE-2017-16808>) \n**DESCRIPTION: **tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169828>)<https://exchange.xforce.ibmcloud.com/vulnerabilities/134999> for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nAIX | 7.1 \nAIX | 7.2 \nVIOS | 2.2 \nVIOS | 3.1 \n \nThe following fileset levels are vulnerable:\n\nFileset | Lower Level | Upper Level \n---|---|--- \nbos.net.tcp.server | 6.1.9.0 | 6.1.9.401 \nbos.net.tcp.server | 7.1.5.0 | 7.1.5.32 \nbos.net.tcp.tcpdump | 7.2.2.0 | 7.2.2.17 \nbos.net.tcp.tcpdump | 7.2.3.0 | 7.2.3.16 \nbos.net.tcp.tcpdump | 7.2.4.0 | \n\n7.2.4.0 \n \nTo find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.\n\nExample: lslpp -L | grep -i bos.net.tcp.server\n\n## Remediation/Fixes\n\nA. APARS\n\nIBM has assigned the following APARs to this problem:\n\nAIX Level APAR Availability SP KEY \n\\----------------------------------------------------- \n7.1.5 IJ20783 ** SP06-2015 key_w_apar \n7.2.2 IJ20784 ** SP06-2016 key_w_apar \n7.2.3 IJ20785 ** SP05-2016 key_w_apar \n7.2.4 IJ20786 ** SP02-2015 key_w_apar\n\nVIOS Level APAR Availability SP KEY \n\\---------------------------------------------------- \n2.2.6 IJ20781 ** 2.2.6.60 key_w_apar \n3.1.0 IJ20785 ** 3.1.0.40 key_w_apar \n3.1.1 IJ20786 ** 3.1.1.20 key_w_apar\n\nSubscribe to the APARs here:\n\nhttp://www.ibm.com/support/docview.wss?uid=isg1IJ20781 \nhttp://www.ibm.com/support/docview.wss?uid=isg1IJ20783 \nhttp://www.ibm.com/support/docview.wss?uid=isg1IJ20784 \nhttp://www.ibm.com/support/docview.wss?uid=isg1IJ20785 \nhttp://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\nhttps://www.ibm.com/support/docview.wss?uid=isg1IJ20781 \nhttps://www.ibm.com/support/docview.wss?uid=isg1IJ20783 \nhttps://www.ibm.com/support/docview.wss?uid=isg1IJ20784 \nhttps://www.ibm.com/support/docview.wss?uid=isg1IJ20785 \nhttps://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\nBy subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.\n\nB. FIXES\n\nAIX and VIOS fixes are available.\n\nThe AIX and VIOS fixes can be downloaded via ftp or http from:\n\nftp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar \nhttp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar \nhttps://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar \n\nThe link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.\n\nAIX Level Interim Fix (*.Z) KEY \n\\---------------------------------------------- \n7.1.5.3 IJ20783s5a.191115.epkg.Z key_w_fix \n7.1.5.4 IJ20783s4a.191118.epkg.Z key_w_fix \n7.1.5.5 IJ20783s5a.191115.epkg.Z key_w_fix \n7.2.2.2 IJ20784s2a.191118.epkg.Z key_w_fix \n7.2.2.3 IJ20784s3a.191118.epkg.Z key_w_fix \n7.2.2.4 IJ20784s4a.191115.epkg.Z key_w_fix \n7.2.3.1 IJ20785s1a.191120.epkg.Z key_w_fix \n7.2.3.2 IJ20785s2a.191119.epkg.Z key_w_fix \n7.2.3.3 IJ20785s3a.191115.epkg.Z key_w_fix\n\n7.2.3.4 IJ20785s3a.191115.epkg.Z key_w_fix \n7.2.4.0 IJ20786s1a.191120.epkg.Z key_w_fix \n7.2.4.1 IJ20786s1a.191120.epkg.Z key_w_fix \n \nPlease note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.2.3 is AIX 7200-02-03.\n\nPlease reference the Affected Products and Version section above for help with checking installed fileset levels.\n\nVIOS Level Interim Fix (*.Z) KEY \n\\----------------------------------------------- \n2.2.6.31 IJ20781sCc.191121.epkg.Z key_w_fix \n2.2.6.32 IJ20781sCd.191121.epkg.Z key_w_fix \n2.2.6.40 IJ20781sDa.191121.epkg.Z key_w_fix \n2.2.6.41 IJ20781sDb.191121.epkg.Z key_w_fix \n2.2.6.50 IJ20781sEa.191121.epkg.Z key_w_fix \n3.1.0.0 IJ20785s2a.191119.epkg.Z key_w_fix \n3.1.0.10 IJ20785s2a.191119.epkg.Z key_w_fix \n3.1.0.20 IJ20785s3a.191115.epkg.Z key_w_fix\n\n3.1.0.30 IJ20785s3a.191115.epkg.Z key_w_fix \n3.1.1.0 IJ20786s1a.191120.epkg.Z key_w_fix \n3.1.1.10 IJ20786s1a.191120.epkg.Z key_w_fix\n\nTo extract the fixes from the tar file:\n\n \ntar xvf tcpdump_fix5.tar \ncd tcpdump_fix5\n\nVerify you have retrieved the fixes intact:\n\n \nThe checksums below were generated using the \"openssl dgst -sha256 [filename]\" command as the following:\n\nopenssl dgst -sha256 filename KEY \n\\----------------------------------------------------------------------------------------------------- \ne8fc68fe0311cd3fe84b29b0a9eda6144d0ddd01f4e4c6326c5d55712a338b88 IJ20781sCc.191121.epkg.Z key_w_csum \ne4da84993d82493efa11b788b31d06fcdddd52fd9b54ec5b9d290a85f1de916c IJ20781sCd.191121.epkg.Z key_w_csum \n677a27573e419c6060ea0338c37e2bae9989b91fabb5250c8dd8c9145332b016 IJ20781sDa.191121.epkg.Z key_w_csum \n0a3fac5dd8eea545edd5de813cdcaaedaca88cbf5b1fcd1941271540c3c7424a IJ20781sDb.191121.epkg.Z key_w_csum \n2970c0240a28f249431988fd9d4b6f37698c132db83174340d1aa5fe496a2ae0 IJ20781sEa.191121.epkg.Z key_w_csum \n71ef56bd120efb3e8cb0ebda33eed1600a38d3f5b65325b68de1b861d7f3b113 IJ20783s3a.191118.epkg.Z key_w_csum \n1c86e9cc304c2a7a833dbd92eaf11eb7f575047b27dfe2cca59c52ee7d43d39a IJ20783s4a.191118.epkg.Z key_w_csum \nfdd81d76ffdb700959bb77a2419c7a979a86f0c1eed8a21b7d6a4a3b2ceb885b IJ20783s5a.191115.epkg.Z key_w_csum \n731c8b73993d94ca74bee8f7fbde9a79cc7e42db87a60aa0c9a9a49b18273382 IJ20784s2a.191118.epkg.Z key_w_csum \n7c4c366ab91a5a7c1f4ad4fe96fba7bad90accfaa585a1fcdb55fb891bf52345 IJ20784s3a.191118.epkg.Z key_w_csum \nfdcbe85e363e5617abdfb0a0ac4a9bbb5501d133c0eaac72d8a52c6cbf1c6dbe IJ20784s4a.191115.epkg.Z key_w_csum \n278cf7ac32a11322166d641d49ccf584d17dda5d6b507629fcd69bcf61d72b64 IJ20785s1a.191120.epkg.Z key_w_csum \n1346d26230f9725a459b46368108489bfbc3a73d4e71e3b14ca9922e995e9b39 IJ20785s2a.191119.epkg.Z key_w_csum \n51c6fca2564d8bdd4476cc465c2fd22019fb66a87db490a306c17cd4cdd38384 IJ20785s3a.191115.epkg.Z key_w_csum \n20651d1763eed7a3fe4eb83f5ff0428f5f49cc7be1d2de1b6489a39ab2b5daa9 IJ20786s1a.191120.epkg.Z key_w_csum\n\nThese sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM Support at \n\nhttp://ibm.com/support/ and describe the discrepancy. \n\nopenssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n\nopenssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\nPublished advisory OpenSSL signature file location:\n\nhttp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig \nhttps://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig \nftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig \n\nC. FIX AND INTERIM FIX INSTALLATION\n\nIf possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.\n\nTo preview a fix installation:\n\ninstallp -a -d fix_name -p all # where fix_name is the name of the \n# fix package being previewed.\n\n \nTo install a fix package:\n\ninstallp -a -d fix_name -X all # where fix_name is the name of the \n# fix package being installed.\n\nInterim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.\n\nInterim fix management documentation can be found at:\n\nhttp://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\nTo preview an interim fix installation:\n\nemgr -e ipkg_name -p # where ipkg_name is the name of the \n# interim fix package being previewed.\n\nTo install an interim fix package:\n\nemgr -e ipkg_name -X # where ipkg_name is the name of the \n# interim fix package being installed.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-26T18:48:40", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in tcpdump affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2021-02-26T18:48:40", "id": "19BD9444E195601BE99DC098E9C970C68F2E7A0306271E91599BA5B3726DD8AA", "href": "https://www.ibm.com/support/pages/node/1169974", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rosalinux": [{"lastseen": "2023-11-28T09:44:57", "description": "Software: tcpdump 4.9.2\nOS: Cobalt 7.9\n \nCVE-ID: CVE-2017-16808\nCVE-Crit: MEDIUM\nCVE-DESC: tcpdump before 4.9.3 has a redundant heap-based buffer read associated with aoe_print in print-aoe.c and lookup_ememem in addrtoname.c. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-10103\nCVE-Crit: CRITICAL\nCVE-DESC: tcpdump before 4.9.3 does not properly handle SMB data printing (problem 1 of 2). \nCVE-STATUS: Default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-10105\nCVE-Crit: CRITICAL\nCVE-DESC: tcpdump before 4.9.3 does not properly handle SMB data printing (problem 2 of 2). \nCVE-STATUS: Default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14461\nCVE-Crit: HIGH\nCVE-DESC: LDP parser in tcpdump before 4.9.3 has a buffer overflow in print-ldp.c: ldp_tlv_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14462\nCVE-Crit: HIGH\nCVE-DESC: ICMP parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp.c: icmp_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14462\nCVE-Crit: HIGH\nCVE-DESC: ICMP parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp.c: icmp_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14463\nCVE-Crit: HIGH\nCVE-DESC: VRRP parser in tcpdump before 4.9.3 has buffer re-read in print-vrrp.c: vrrrp_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14463\nCVE-Crit: HIGH\nCVE-DESC: VRRP parser in tcpdump before 4.9.3 has buffer re-read in print-vrrp.c: vrrrp_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14464\nCVE-Crit: HIGH\nCVE-DESC: LMP parser in tcpdump before 4.9.3 has a buffer overflow in print-lmp.c: lmp_print_data_link_subobjs (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14465\nCVE-Crit: HIGH\nCVE-DESC: RSVP parser in tcpdump before 4.9.3 has a buffer reread in print-rsvp.c: rsvp_obj_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14465\nCVE-Crit: HIGH\nCVE-DESC: RSVP parser in tcpdump before 4.9.3 has a buffer reread in print-rsvp.c: rsvp_obj_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14466\nCVE-Crit: HIGH\nCVE-DESC: Rx analyzer in tcpdump before 4.9.3 has buffer reread in print-rx.c: rx_cache_find () and rx_cache_insert (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14467\nCVE-Crit: HIGH\nCVE-DESC: BGP parser in tcpdump before 4.9.3 has buffer re-read in print-bgp.c: bgp_capabilities_print () (BGP_CAPCODE_MP). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14468\nCVE-Crit: HIGH\nCVE-DESC: FRF.16 parser in tcpdump before 4.9.3 has a buffer overflow in print-fr.c: mfr_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14469\nCVE-Crit: HIGH\nCVE-DESC: IKEv1 parser in tcpdump before 4.9.3 has a buffer reread in print-isakmp.c: ikev1_n_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14469\nCVE-Crit: HIGH\nCVE-DESC: IKEv1 parser in tcpdump before 4.9.3 has a buffer reread in print-isakmp.c: ikev1_n_print (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14470\nCVE-Crit: HIGH\nCVE-DESC: Babel parser in tcpdump before 4.9.3 has a buffer reread in print-babel.c: babel_print_v2 (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14879\nCVE-Crit: HIGH\nCVE-DESC: command line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c: get_next_file (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14880\nCVE-Crit: HIGH\nCVE-DESC: OSPFv3 parser in tcpdump before 4.9.3 has a buffer reread in print-ospf6.c: ospf6_print_lshdr (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14881\nCVE-Crit: HIGH\nCVE-DESC: BGP parser in tcpdump before 4.9.3 has a buffer reread in print-bgp.c: bgp_capabilities_print () (BGP_CAPCODE_RESTART). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14882\nCVE-Crit: HIGH\nCVE-DESC: ICMPv6 parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp6.c. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-14882\nCVE-Crit: HIGH\nCVE-DESC: ICMPv6 parser in tcpdump before 4.9.3 has a buffer overflow in print-icmp6.c. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16300\nCVE-Crit: HIGH\nCVE-DESC: BGP parser in tcpdump before 4.9.3 allows stack usage in print-bgp.c: bgp_attr_print () due to unrestricted recursion. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16452\nCVE-Crit: HIGH\nCVE-DESC: SMB analyzer in tcpdump before 4.9.3 has stack exhaustion in smbutil.c: smb_fdata () due to recursion. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16227\nCVE-Crit: HIGH\nCVE-DESC: IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer reread in print-802_11.c for the Mesh Flags subfield. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16228\nCVE-Crit: HIGH\nCVE-DESC: HNCP parser in tcpdump before 4.9.3 has a buffer reread in print-hncp.c: print_prefix (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16229\nCVE-Crit: HIGH\nCVE-DESC: The DCCP parser in tcpdump before 4.9.3 has a buffer overflow in print-dccp.c: dccp_print_option (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16229\nCVE-Crit: HIGH\nCVE-DESC: The DCCP parser in tcpdump before 4.9.3 has a buffer overflow in print-dccp.c: dccp_print_option (). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16230\nCVE-Crit: HIGH\nCVE-DESC: BGP parser in tcpdump before 4.9.3 has buffer re-read in print-bgp.c: bgp_attr_print () (MP_REACH_NLRI). \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2018-16451\nCVE-Crit: HIGH\nCVE-DESC: SMB analyzer in tcpdump before 4.9.3 has redundant buffer reads in print-smb.c: print_trans () for \\ MAILSLOT \\ BROWSE and \\ PIPE \\ LANMAN. \nCVE-STATUS: Default\nCVE-REV: Default\n \n \nCVE-ID: CVE-2019-1010220\nCVE-Crit: LOW\nCVE-DESC: tcpdump.org The following affects tcpdump 4.9.2: CWE-126: buffer overflow. Consequences are as follows: the stack may show a stored frame pointer, return address, etc. D. Component: line 234: \"ND_PRINT ((ndo,\"% s \", buf));\" in a function named \"print_prefix\" in \"print-hncp.c\". Attack vector: the victim must open a specially crafted pcap file. \nCVE-STATUS: default\nCVE-REV: default\n \n \nCVE-ID: CVE-2019-15166\nCVE-Crit: HIGH\nCVE-DESC: lmp_print_data_link_subobjs () in print-lmp.c in tcpdump before 4.9.3 has no defined bounds checks. \nCVE-STATUS: default\nCVE-REV: default\n \n\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-07-02T18:15:22", "type": "rosalinux", "title": "Advisory ROSA-SA-2021-1985", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166"], "modified": "2021-07-02T18:15:22", "id": "ROSA-SA-2021-1985", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2021-1985", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:02", "description": "[14:4.9.3-1]\n- Resolves: #1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "tcpdump security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-4760", "href": "http://linux.oracle.com/errata/ELSA-2020-4760.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-11-27T23:28:17", "description": "An update is available for tcpdump.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n* tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c (CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-11-03T12:33:49", "type": "rocky", "title": "tcpdump security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2020-11-03T12:33:49", "id": "RLSA-2020:4760", "href": "https://errata.rockylinux.org/RLSA-2020:4760", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2023-11-28T00:43:49", "description": "New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded.\n This update is required for the new version of tcpdump.\npatches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded.\n Fix buffer overflow/overread vulnerabilities and command line\n argument/local issues.\n For more information, see:\n https://vulners.com/cve/CVE-2017-16808\n https://vulners.com/cve/CVE-2018-14468\n https://vulners.com/cve/CVE-2018-14469\n https://vulners.com/cve/CVE-2018-14470\n https://vulners.com/cve/CVE-2018-14466\n https://vulners.com/cve/CVE-2018-14461\n https://vulners.com/cve/CVE-2018-14462\n https://vulners.com/cve/CVE-2018-14465\n https://vulners.com/cve/CVE-2018-14881\n https://vulners.com/cve/CVE-2018-14464\n https://vulners.com/cve/CVE-2018-14463\n https://vulners.com/cve/CVE-2018-14467\n https://vulners.com/cve/CVE-2018-10103\n https://vulners.com/cve/CVE-2018-10105\n https://vulners.com/cve/CVE-2018-14880\n https://vulners.com/cve/CVE-2018-16451\n https://vulners.com/cve/CVE-2018-14882\n https://vulners.com/cve/CVE-2018-16227\n https://vulners.com/cve/CVE-2018-16229\n https://vulners.com/cve/CVE-2018-16301\n https://vulners.com/cve/CVE-2018-16230\n https://vulners.com/cve/CVE-2018-16452\n https://vulners.com/cve/CVE-2018-16300\n https://vulners.com/cve/CVE-2018-16228\n https://vulners.com/cve/CVE-2019-15166\n https://vulners.com/cve/CVE-2019-15167\n https://vulners.com/cve/CVE-2018-14879\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\n0855bcc24c0d39f6ec3c6fa7d956ebf4 libpcap-1.9.1-i486-1_slack14.0.txz\n1c53d8ea7923c5947dbbf0eb2dfca2aa tcpdump-4.9.3-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n080435560c6498ba82e3131d9d7f36e4 libpcap-1.9.1-x86_64-1_slack14.0.txz\n3740823881e104943cb15be6870a0e7d tcpdump-4.9.3-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n7f1dffd77993897a3729c1fb3ea5e395 libpcap-1.9.1-i486-1_slack14.1.txz\nb267563e154bbddab251e8e2c7a11f69 tcpdump-4.9.3-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1177a6f007a4924c2116d15f8cb92900 libpcap-1.9.1-x86_64-1_slack14.1.txz\nde9844ab61993927903a91fc05450c8c tcpdump-4.9.3-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\n2672c9a84590170ff8f7f2b233af9a38 libpcap-1.9.1-i586-1_slack14.2.txz\n578dbf94aa192915243e2d200c557cc5 tcpdump-4.9.3-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n16f70962eebe606d3d9668202752bc51 libpcap-1.9.1-x86_64-1_slack14.2.txz\n0a4b8400d30a84bc1df774b3537cb4b5 tcpdump-4.9.3-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n8765839c82fc67a8075b9e1c5211776b l/libpcap-1.9.0-i586-1.txz\n9de3c38d7c061534d28b5b599ab5d563 n/tcpdump-4.9.2-i586-3.txz\n\nSlackware x86_64 -current packages:\ncb278799afec0d6e99ce9a126b9e65f3 l/libpcap-1.9.1-x86_64-1.txz\n2d14083ccadb447e5af06e0f940fefa5 n/tcpdump-4.9.3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-02T06:51:41", "type": "slackware", "title": "[slackware-security] tcpdump", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-02T06:51:41", "id": "SSA-2019-274-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.682249", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "aix": [{"lastseen": "2023-11-28T02:20:47", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jan 8 12:57:55 CST 2020\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\nhttps://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\nftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\n\nSecurity Bulletin: Vulnerabilities in tcpdump affect AIX\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in tcpdump that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-14467\n https://vulners.com/cve/CVE-2018-14467\n https://vulners.com/cve/CVE-2018-14467\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).\n CVSS Base Score: 6.5\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/169829\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14463\n https://vulners.com/cve/CVE-2018-14463\n https://vulners.com/cve/CVE-2018-14463\n DESCRIPTION: The VRRP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-vrrp.c:vrrp_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/169827\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14464\n https://vulners.com/cve/CVE-2018-14464\n https://vulners.com/cve/CVE-2018-14464\n DESCRIPTION: The LMP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-lmp.c:lmp_print_data_link_subobjs().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/169828\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14470\n https://vulners.com/cve/CVE-2018-14470\n https://vulners.com/cve/CVE-2018-14470\n DESCRIPTION: The Babel parser in tcpdump before 4.9.3 has a buffer \n over-read in print-babel.c:babel_print_v2().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168314\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-10105\n https://vulners.com/cve/CVE-2018-10105\n https://vulners.com/cve/CVE-2018-10105\n DESCRIPTION: tcpdump before 4.9.3 mishandles the printing of SMB data \n (issue 2 of 2).\n CVSS Base Score: 8.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168321\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2018-14461\n https://vulners.com/cve/CVE-2018-14461\n https://vulners.com/cve/CVE-2018-14461\n DESCRIPTION: The LDP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-ldp.c:ldp_tlv_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168320\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-10103\n https://vulners.com/cve/CVE-2018-10103\n https://vulners.com/cve/CVE-2018-10103\n DESCRIPTION: tcpdump before 4.9.3 mishandles the printing of SMB data \n (issue 1 of 2).\n CVSS Base Score: 8.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168670\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2019-15167\n https://vulners.com/cve/CVE-2019-15167\n https://vulners.com/cve/CVE-2019-15167\n DESCRIPTION: Tcpdump is vulnerable to a buffer overflow, caused by \n improper bounds checking by the lmp_print_data_link_subobjs function \n in print-lmp.c. By sending specially-crafted data, a remote attacker \n could overflow a buffer and cause the application to crash.\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168671\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14466\n https://vulners.com/cve/CVE-2018-14466\n https://vulners.com/cve/CVE-2018-14466\n DESCRIPTION: The Rx parser in tcpdump before 4.9.3 has a buffer \n over-read in print-rx.c:rx_cache_find() and rx_cache_insert().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168317\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14469\n https://vulners.com/cve/CVE-2018-14469\n https://vulners.com/cve/CVE-2018-14469\n DESCRIPTION: The IKEv1 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-isakmp.c:ikev1_n_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168315\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14468\n https://vulners.com/cve/CVE-2018-14468\n https://vulners.com/cve/CVE-2018-14468\n DESCRIPTION: The FRF.16 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-fr.c:mfr_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168316\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14881\n https://vulners.com/cve/CVE-2018-14881\n https://vulners.com/cve/CVE-2018-14881\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_capabilities_print() \n (BGP_CAPCODE_RESTART).\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168312\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14462\n https://vulners.com/cve/CVE-2018-14462\n https://vulners.com/cve/CVE-2018-14462\n DESCRIPTION: The ICMP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-icmp.c:icmp_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168319\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14880\n https://vulners.com/cve/CVE-2018-14880\n https://vulners.com/cve/CVE-2018-14880\n DESCRIPTION: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-ospf6.c:ospf6_print_lshdr().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168313\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14465\n https://vulners.com/cve/CVE-2018-14465\n https://vulners.com/cve/CVE-2018-14465\n DESCRIPTION: The RSVP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-rsvp.c:rsvp_obj_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168318\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16451\n https://vulners.com/cve/CVE-2018-16451\n https://vulners.com/cve/CVE-2018-16451\n DESCRIPTION: The SMB parser in tcpdump before 4.9.3 has buffer \n over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \n \\PIPE\\LANMAN.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168301\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16452\n https://vulners.com/cve/CVE-2018-16452\n https://vulners.com/cve/CVE-2018-16452\n DESCRIPTION: The SMB parser in tcpdump before 4.9.3 has stack exhaustion \n in smbutil.c:smb_fdata() via recursion.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168300\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16230\n https://vulners.com/cve/CVE-2018-16230\n https://vulners.com/cve/CVE-2018-16230\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168307\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2019-15166\n https://vulners.com/cve/CVE-2019-15166\n https://vulners.com/cve/CVE-2019-15166\n DESCRIPTION: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump \n before 4.9.3 lacks certain bounds checks.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168299\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14879\n https://vulners.com/cve/CVE-2018-14879\n https://vulners.com/cve/CVE-2018-14879\n DESCRIPTION: The command-line argument parser in tcpdump before 4.9.3 has \n a buffer overflow in tcpdump.c:get_next_file().\n CVSS Base Score: 6.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168302\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\n CVEID: CVE-2018-16228\n https://vulners.com/cve/CVE-2018-16228\n https://vulners.com/cve/CVE-2018-16228\n DESCRIPTION: The HNCP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-hncp.c:print_prefix().\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168309\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16229\n https://vulners.com/cve/CVE-2018-16229\n https://vulners.com/cve/CVE-2018-16229\n DESCRIPTION: The DCCP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-dccp.c:dccp_print_option().\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168308\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16227\n https://vulners.com/cve/CVE-2018-16227\n https://vulners.com/cve/CVE-2018-16227\n DESCRIPTION: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-802_11.c for the Mesh Flags subfield.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168310\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16300\n https://vulners.com/cve/CVE-2018-16300\n https://vulners.com/cve/CVE-2018-16300\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 allows stack \n consumption in print-bgp.c:bgp_attr_print() because of unlimited \n recursion.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168306\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14882\n https://vulners.com/cve/CVE-2018-14882\n https://vulners.com/cve/CVE-2018-14882\n DESCRIPTION: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-icmp6.c.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168311\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2017-16808\n https://vulners.com/cve/CVE-2017-16808\n https://vulners.com/cve/CVE-2017-16808\n DESCRIPTION: tcpdump before 4.9.3 has a heap-based buffer over-read \n related to aoe_print in print-aoe.c and lookup_emem in \n addrtoname.c.\n CVSS Base Score: 7.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/134999\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 7.1, 7.2\n VIOS 2.2, 3.1\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n bos.net.tcp.server 6.1.9.0 6.1.9.401 key_w_fs\n bos.net.tcp.server 7.1.5.0 7.1.5.32 key_w_fs\n bos.net.tcp.tcpdump 7.2.2.0 7.2.2.17 key_w_fs\n bos.net.tcp.tcpdump 7.2.3.0 7.2.3.16 key_w_fs\n bos.net.tcp.tcpdump 7.2.4.0 7.2.4.0 key_w_fs\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.server\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n -----------------------------------------------------\n 7.1.5 IJ20783 ** SP06-2015 key_w_apar\n 7.2.2 IJ20784 ** SP06-2016 key_w_apar\n 7.2.3 IJ20785 ** SP05-2016 key_w_apar\n 7.2.4 IJ20786 ** SP02-2015 key_w_apar\n\n VIOS Level APAR Availability SP KEY\n ----------------------------------------------------\n 2.2.6 IJ20781 ** 2.2.6.60 key_w_apar\n 3.1.0 IJ20785 ** 3.1.0.40 key_w_apar\n 3.1.1 IJ20786 ** 3.1.1.20 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20781\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20783\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20784\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20785\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20781\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20783\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20784\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20785\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n AIX and VIOS fixes are available.\n\n The AIX and VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar\n http://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar\n https://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 7.1.5.3 IJ20783s5a.191115.epkg.Z key_w_fix\n 7.1.5.4 IJ20783s4a.191118.epkg.Z key_w_fix\n 7.1.5.5 IJ20783s5a.191115.epkg.Z key_w_fix\n 7.2.2.2 IJ20784s2a.191118.epkg.Z key_w_fix\n 7.2.2.3 IJ20784s3a.191118.epkg.Z key_w_fix\n 7.2.2.4 IJ20784s4a.191115.epkg.Z key_w_fix\n 7.2.3.1 IJ20785s1a.191120.epkg.Z key_w_fix\n 7.2.3.2 IJ20785s2a.191119.epkg.Z key_w_fix\n 7.2.3.3 IJ20785s3a.191115.epkg.Z key_w_fix\n 7.2.3.4 IJ20785s3a.191115.epkg.Z key_w_fix\n 7.2.4.0 IJ20786s1a.191120.epkg.Z key_w_fix\n 7.2.4.1 IJ20786s1a.191120.epkg.Z key_w_fix\n \n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.2.3 is AIX 7200-02-03.\n\n Please reference the Affected Products and Version section above\n for help with checking installed fileset levels.\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.6.31 IJ20781sCc.191121.epkg.Z key_w_fix\n 2.2.6.32 IJ20781sCd.191121.epkg.Z key_w_fix\n 2.2.6.40 IJ20781sDa.191121.epkg.Z key_w_fix\n 2.2.6.41 IJ20781sDb.191121.epkg.Z key_w_fix\n 2.2.6.50 IJ20781sEa.191121.epkg.Z key_w_fix\n 3.1.0.0 IJ20785s2a.191119.epkg.Z key_w_fix\n 3.1.0.10 IJ20785s2a.191119.epkg.Z key_w_fix\n 3.1.0.20 IJ20785s3a.191115.epkg.Z key_w_fix\n 3.1.0.30 IJ20785s3a.191115.epkg.Z key_w_fix\n 3.1.1.0 IJ20786s1a.191120.epkg.Z key_w_fix\n 3.1.1.10 IJ20786s1a.191120.epkg.Z key_w_fix\n\n To extract the fixes from the tar file:\n\n tar xvf tcpdump_fix5.tar\n cd tcpdump_fix5\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 [filename]\" command as the following:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n e8fc68fe0311cd3fe84b29b0a9eda6144d0ddd01f4e4c6326c5d55712a338b88 IJ20781sCc.191121.epkg.Z key_w_csum\n e4da84993d82493efa11b788b31d06fcdddd52fd9b54ec5b9d290a85f1de916c IJ20781sCd.191121.epkg.Z key_w_csum\n 677a27573e419c6060ea0338c37e2bae9989b91fabb5250c8dd8c9145332b016 IJ20781sDa.191121.epkg.Z key_w_csum\n 0a3fac5dd8eea545edd5de813cdcaaedaca88cbf5b1fcd1941271540c3c7424a IJ20781sDb.191121.epkg.Z key_w_csum\n 2970c0240a28f249431988fd9d4b6f37698c132db83174340d1aa5fe496a2ae0 IJ20781sEa.191121.epkg.Z key_w_csum\n 71ef56bd120efb3e8cb0ebda33eed1600a38d3f5b65325b68de1b861d7f3b113 IJ20783s3a.191118.epkg.Z key_w_csum\n 1c86e9cc304c2a7a833dbd92eaf11eb7f575047b27dfe2cca59c52ee7d43d39a IJ20783s4a.191118.epkg.Z key_w_csum\n fdd81d76ffdb700959bb77a2419c7a979a86f0c1eed8a21b7d6a4a3b2ceb885b IJ20783s5a.191115.epkg.Z key_w_csum\n 731c8b73993d94ca74bee8f7fbde9a79cc7e42db87a60aa0c9a9a49b18273382 IJ20784s2a.191118.epkg.Z key_w_csum\n 7c4c366ab91a5a7c1f4ad4fe96fba7bad90accfaa585a1fcdb55fb891bf52345 IJ20784s3a.191118.epkg.Z key_w_csum\n fdcbe85e363e5617abdfb0a0ac4a9bbb5501d133c0eaac72d8a52c6cbf1c6dbe IJ20784s4a.191115.epkg.Z key_w_csum\n 278cf7ac32a11322166d641d49ccf584d17dda5d6b507629fcd69bcf61d72b64 IJ20785s1a.191120.epkg.Z key_w_csum\n 1346d26230f9725a459b46368108489bfbc3a73d4e71e3b14ca9922e995e9b39 IJ20785s2a.191119.epkg.Z key_w_csum\n 51c6fca2564d8bdd4476cc465c2fd22019fb66a87db490a306c17cd4cdd38384 IJ20785s3a.191115.epkg.Z key_w_csum\n 20651d1763eed7a3fe4eb83f5ff0428f5f49cc7be1d2de1b6489a39ab2b5daa9 IJ20786s1a.191120.epkg.Z key_w_csum\n\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n If possible, it is recommended that a mksysb backup of the system \n be created. Verify it is both bootable and readable before\n proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n ftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n Security Bulletin: Vulnerability in tcpdump affects AIX\n https://www.ibm.com/support/pages/node/1169974\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Wed Jan 8 12:57:55 CST 2020\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-01-08T12:57:55", "type": "aix", "title": "There is a vulnerability in tcpdump that affects AIX.,There is a vulnerability in tcpdump that affects VIOS.", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2020-01-08T12:57:55", "id": "TCPDUMP_ADVISORY5.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-09T12:10:20", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2344=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-20T00:00:00", "type": "suse", "title": "Security update for tcpdump (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-20T00:00:00", "id": "OPENSUSE-SU-2019:2344-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MKQWXXAEJMKN6KVJXWDQTBKWQTVSGWAA/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T12:10:20", "description": "An update that fixes 28 vulnerabilities is now available.\n\nDescription:\n\n This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2348=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-20T00:00:00", "type": "suse", "title": "Security update for tcpdump (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-20T00:00:00", "id": "OPENSUSE-SU-2019:2348-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZPOIE2ZQZQ57X2YSWXD43L2MIX37I54G/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-11-28T00:53:12", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nMultiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2017-16808, CVE-2018-19519, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 621.x versions prior to 621.55\n * 456.x versions prior to 456.96\n * 315.x versions prior to 315.167\n * 250.x versions prior to 250.181\n * 170.x versions prior to 170.201\n * 97.x versions prior to 97.230\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.158.0\n * CF Deployment \n * All versions prior to v12.29.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 621.x versions to 621.55 or greater\n * Upgrade 456.x versions to 456.96 or greater\n * Upgrade 315.x versions to 315.167 or greater\n * Upgrade 250.x versions to 250.181 or greater\n * Upgrade 170.x versions to 170.201 or greater\n * Upgrade 97.x versions to 97.230 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.158.0 or greater\n * CF Deployment \n * Upgrade all versions to v12.29.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4252-1/>)\n * [CVE-2017-16808](<https://vulners.com/cve/CVE-2017-16808>)\n * [CVE-2018-19519](<https://vulners.com/cve/CVE-2018-19519>)\n * [CVE-2018-10103](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103>)\n * [CVE-2018-10105](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105>)\n * [CVE-2018-14461](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461>)\n * [CVE-2018-14462](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462>)\n * [CVE-2018-14463](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463>)\n * [CVE-2018-14464](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464>)\n * [CVE-2018-14465](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465>)\n * [CVE-2018-14466](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466>)\n * [CVE-2018-14467](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467>)\n * [CVE-2018-14468](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468>)\n * [CVE-2018-14469](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469>)\n * [CVE-2018-14470](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470>)\n * [CVE-2018-14879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879>)\n * [CVE-2018-14880](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880>)\n * [CVE-2018-14881](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881>)\n * [CVE-2018-14882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882>)\n * [CVE-2018-16227](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227>)\n * [CVE-2018-16228](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228>)\n * [CVE-2018-16229](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229>)\n * [CVE-2018-16230](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230>)\n * [CVE-2018-16300](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300>)\n * [CVE-2018-16451](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451>)\n * [CVE-2018-16452](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452>)\n * [CVE-2019-1010220](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220>)\n * [CVE-2019-15166](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166>)\n * [CVE-2019-15167](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167>)\n\n## History\n\n2020-01-27: Initial vulnerability report published.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-02-12T00:00:00", "type": "cloudfoundry", "title": "USN-4252-1: tcpdump vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2020-02-12T00:00:00", "id": "CFOUNDRY:40DA9EC9652A3858F9F7AF08C709173D", "href": "https://www.cloudfoundry.org/blog/usn-4252-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-30T00:58:06", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-30T00:58:06", "id": "FEDORA:30E0D6049C87", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-28T01:03:58", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-28T01:03:58", "id": "FEDORA:24BBA6076F61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-25T18:09:47", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-25T18:09:47", "id": "FEDORA:2D179607011A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2021-11-03T20:59:54", "description": "An update of {'python3', 'python2', 'subversion', 'rsyslog', 'tcpdump'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-10-15T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-2.0-0182", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-11782", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-0203", "CVE-2019-15166", "CVE-2019-16935", "CVE-2019-17040"], "modified": "2019-10-15T00:00:00", "id": "PHSA-2019-2.0-0182", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-182", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T18:39:08", "description": "Updates of ['tcpdump', 'python3', 'rsyslog', 'python2', 'subversion'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0182", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-11782", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-0203", "CVE-2019-15166", "CVE-2019-16935", "CVE-2019-17040", "CVE-2023-34060"], "modified": "2019-10-15T00:00:00", "id": "PHSA-2019-0182", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-182", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:50:26", "description": "Updates of ['rsyslog', 'linux-esx', 'libpcap', 'tcpdump', 'yarn', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0034", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15918", "CVE-2019-17040", "CVE-2019-19319", "CVE-2019-5448"], "modified": "2019-10-15T00:00:00", "id": "PHSA-2019-0034", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-34", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T06:25:18", "description": "Updates of ['rsyslog', 'libpcap', 'linux', 'linux-aws', 'yarn', 'linux-secure', 'tcpdump', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-3.0-0034", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15918", "CVE-2019-17040", "CVE-2019-19319", "CVE-2019-5448", "CVE-2023-34060"], "modified": "2019-10-15T00:00:00", "id": "PHSA-2019-3.0-0034", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-34", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T00:59:25", "description": "Updates of ['file', 'git', 'python3', 'libndp', 'curl', 'haproxy', 'libpcap', 'linux', 'tcpdump', 'binutils', 'e2fsprogs', 'linux-esx', 'python2', 'polkit'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-11-13T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0255", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3698", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-1116", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-17456", "CVE-2018-18309", "CVE-2018-19486", "CVE-2018-20976", "CVE-2019-1010204", "CVE-2019-14821", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-16935", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17514", "CVE-2019-17666", "CVE-2019-18218", "CVE-2019-18277", "CVE-2019-18806", "CVE-2019-19523", "CVE-2019-19525", "CVE-2019-19528", "CVE-2019-5094", "CVE-2019-5481", "CVE-2019-5482", "CVE-2023-34060"], "modified": "2019-11-13T00:00:00", "id": "PHSA-2019-0255", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-255", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T17:49:49", "description": "An update of {'libndp', 'haproxy', 'libpcap', 'file', 'salt', 'python2', 'e2fsprogs', 'sysstat', 'linux-esx', 'git', 'tcpdump', 'curl', 'binutils', 'linux', 'python3', 'polkit'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-13T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2019-1.0-0255", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3698", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-1116", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-15751", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-17456", "CVE-2018-18309", "CVE-2018-19486", "CVE-2018-20976", "CVE-2019-1010204", "CVE-2019-14821", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-16167", "CVE-2019-16935", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17514", "CVE-2019-17666", "CVE-2019-18218", "CVE-2019-18277", "CVE-2019-18806", "CVE-2019-19523", "CVE-2019-19525", "CVE-2019-19528", "CVE-2019-5094", "CVE-2019-5481", "CVE-2019-5482"], "modified": "2019-11-13T00:00:00", "id": "PHSA-2019-1.0-0255", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-255", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-11-28T04:33:26", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * tcpdump \\- command-line network traffic analyzer\n\nMultiple security issues were discovered in tcpdump. A remote attacker \ncould use these issues to cause tcpdump to crash, resulting in a denial of \nservice, or possibly execute arbitrary code.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2020-01-27T00:00:00", "type": "ubuntu", "title": "tcpdump vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2020-01-27T00:00:00", "id": "USN-4252-1", "href": "https://ubuntu.com/security/notices/USN-4252-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-10-20T17:38:45", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * tcpdump \\- command-line network traffic analyzer\n\nUSN-4252-1 fixed several vulnerabilities in tcpdump. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in tcpdump. A remote attacker \ncould use these issues to cause tcpdump to crash, resulting in a denial of \nservice, or possibly execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-27T00:00:00", "type": "ubuntu", "title": "tcpdump vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2020-01-27T00:00:00", "id": "USN-4252-2", "href": "https://ubuntu.com/security/notices/USN-4252-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-11-27T23:18:37", "description": "Updated libpcap and tcpdump packages fix security vulnerabilities: The libpcap packages have been updated to versions 1.9.1 and tcpdump to 4.9.3, respectively, fixing several buffer overread and overflow issues. \n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2019-10-16T22:22:41", "type": "mageia", "title": "Updated libpcap and tcpdump packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-15167"], "modified": "2019-10-16T22:22:41", "id": "MGASA-2019-0297", "href": "https://advisories.mageia.org/MGASA-2019-0297.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "apple": [{"lastseen": "2020-12-24T20:42:08", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\n\nReleased December 10, 2019\n\n**ATS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8837: Csaba Fitzl (@theevilbit)\n\nEntry updated December 18, 2019\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CallKit**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans\n\nDescription: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling.\n\nCVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL\n\n**CFNetwork Proxies**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry updated December 18, 2019\n\n**CFNetwork**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2019-8834: Rob Sayre (@sayrer)\n\nEntry added February 3, 2020\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: In certain configurations, a remote attacker may be able to submit arbitrary print jobs\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8842: Niky1235 of China Mobile\n\nEntry updated December 18, 2019\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8839: Stephan Zeisberg of Security Research Labs\n\nEntry updated December 18, 2019\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8830: Natalie Silvanovich of Google Project Zero\n\nEntry updated December 18, 2019\n\n**IOGraphics**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A Mac may not lock immediately upon wake\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8851: Vladik Khononov of DoiT International\n\nEntry added February 3, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2019-8833: Ian Beer of Google Project Zero\n\nEntry updated December 18, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8828: Cim Stordal of Cognite\n\nCVE-2019-8838: Dr Silvio Cesare of InfoSect\n\nCVE-2019-8847: Apple\n\nCVE-2019-8852: pattern-f (@pattern_F_) of WaCai\n\n**libexpat**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Parsing a maliciously crafted XML file may lead to disclosure of user information\n\nDescription: This issue was addressed by updating to expat version 2.2.8.\n\nCVE-2019-15903: Joonun Jang\n\nEntry updated December 18, 2019\n\n**Notes**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-9782: Allison Husain of UC Berkeley\n\nEntry added April 4, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in OpenLDAP\n\nDescription: Multiple issues were addressed by updating to OpenLDAP version 2.4.28.\n\nCVE-2012-1164\n\nCVE-2012-2668\n\nCVE-2013-4449\n\nCVE-2015-1545\n\nCVE-2019-13057\n\nCVE-2019-13565\n\nEntry updated February 3, 2020\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8832: Insu Yun of SSLab at Georgia Tech\n\n**tcpdump**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1\n\nCVE-2017-16808\n\nCVE-2018-10103\n\nCVE-2018-10105\n\nCVE-2018-14461\n\nCVE-2018-14462\n\nCVE-2018-14463\n\nCVE-2018-14464\n\nCVE-2018-14465\n\nCVE-2018-14466\n\nCVE-2018-14467\n\nCVE-2018-14468\n\nCVE-2018-14469\n\nCVE-2018-14470\n\nCVE-2018-14879\n\nCVE-2018-14880\n\nCVE-2018-14881\n\nCVE-2018-14882\n\nCVE-2018-16227\n\nCVE-2018-16228\n\nCVE-2018-16229\n\nCVE-2018-16230\n\nCVE-2018-16300\n\nCVE-2018-16301\n\nCVE-2018-16451\n\nCVE-2018-16452\n\nCVE-2019-15166\n\nCVE-2019-15167\n\nEntry updated February 11, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An attacker in Wi-Fi range may be able to view a small amount of network traffic\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2019-15126: Milos Cermak at ESET\n\nEntry added February 27, 2020\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Allison Husain of UC Berkeley, Kishan Bagaria (KishanBagaria.com), Tom Snelling of Loughborough University for their assistance.\n\nEntry updated April 4, 2020\n\n**Core Data**\n\nWe would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance.\n\n**Finder**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.\n\nEntry added December 18, 2019\n\n**Kernel**\n\nWe would like to acknowledge Daniel Roethlisberger of Swisscom CSIRT for their assistance.\n\nEntry added December 18, 2019\n", "edition": 5, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-12T07:38:35", "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2668", "CVE-2019-8852", "CVE-2019-8842", "CVE-2019-8851", "CVE-2018-16300", "CVE-2019-13057", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2019-8834", "CVE-2018-14467", "CVE-2019-8830", "CVE-2018-10105", "CVE-2018-16229", "CVE-2019-8848", "CVE-2019-8847", "CVE-2018-16452", "CVE-2018-14466", "CVE-2019-15126", "CVE-2019-8828", "CVE-2019-8832", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2020-9782", "CVE-2015-1545", "CVE-2012-1164", "CVE-2018-14882", "CVE-2019-8833", "CVE-2013-4449", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2019-8853", "CVE-2018-16227", "CVE-2019-8837", "CVE-2018-14468", "CVE-2018-16228", "CVE-2019-8856", "CVE-2019-13565", "CVE-2018-14461", "CVE-2019-15903", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-8839", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881", "CVE-2019-8838"], "modified": "2020-11-12T07:38:35", "id": "APPLE:HT210788", "href": "https://support.apple.com/kb/HT210788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-28T19:30:56", "description": "# About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\n\nThis document describes the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\n\nReleased December 10, 2019\n\n**ATS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8837: Csaba Fitzl (@theevilbit)\n\nEntry updated December 18, 2019\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CallKit**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans\n\nDescription: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling.\n\nCVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL\n\n**CFNetwork Proxies**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry updated December 18, 2019\n\n**CFNetwork**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2019-8834: Rob Sayre (@sayrer)\n\nEntry added February 3, 2020\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: In certain configurations, a remote attacker may be able to submit arbitrary print jobs\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8842: Niky1235 of China Mobile\n\nEntry updated December 18, 2019\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8839: Stephan Zeisberg of Security Research Labs\n\nEntry updated December 18, 2019\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8830: natashenka of Google Project Zero\n\nEntry updated December 18, 2019\n\n**IOGraphics**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A Mac may not lock immediately upon wake\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8851: Vladik Khononov of DoiT International\n\nEntry added February 3, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2019-8833: Ian Beer of Google Project Zero\n\nEntry updated December 18, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8828: Cim Stordal of Cognite\n\nCVE-2019-8838: Dr Silvio Cesare of InfoSect\n\nCVE-2019-8847: Apple\n\nCVE-2019-8852: pattern-f (@pattern_F_) of WaCai\n\n**libexpat**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Parsing a maliciously crafted XML file may lead to disclosure of user information\n\nDescription: This issue was addressed by updating to expat version 2.2.8.\n\nCVE-2019-15903: Joonun Jang\n\nEntry updated December 18, 2019\n\n**Notes**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-9782: Allison Husain of UC Berkeley\n\nEntry added April 4, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in OpenLDAP\n\nDescription: Multiple issues were addressed by updating to OpenLDAP version 2.4.28.\n\nCVE-2012-1164\n\nCVE-2012-2668\n\nCVE-2013-4449\n\nCVE-2015-1545\n\nCVE-2019-13057\n\nCVE-2019-13565\n\nEntry updated February 3, 2020\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8832: Insu Yun of SSLab at Georgia Tech\n\n**tcpdump**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1\n\nCVE-2017-16808\n\nCVE-2018-10103\n\nCVE-2018-10105\n\nCVE-2018-14461\n\nCVE-2018-14462\n\nCVE-2018-14463\n\nCVE-2018-14464\n\nCVE-2018-14465\n\nCVE-2018-14466\n\nCVE-2018-14467\n\nCVE-2018-14468\n\nCVE-2018-14469\n\nCVE-2018-14470\n\nCVE-2018-14879\n\nCVE-2018-14880\n\nCVE-2018-14881\n\nCVE-2018-14882\n\nCVE-2018-16227\n\nCVE-2018-16228\n\nCVE-2018-16229\n\nCVE-2018-16230\n\nCVE-2018-16300\n\nCVE-2018-16301\n\nCVE-2018-16451\n\nCVE-2018-16452\n\nCVE-2019-15166\n\nCVE-2019-15167\n\nEntry updated February 11, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An attacker in Wi-Fi range may be able to view a small amount of network traffic\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2019-15126: Milos Cermak at ESET\n\nEntry added February 27, 2020\n\n![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png)\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Allison Husain of UC Berkeley, Kishan Bagaria (KishanBagaria.com), Tom Snelling of Loughborough University for their assistance.\n\nEntry updated April 4, 2020\n\n**Core Data**\n\nWe would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance.\n\n**Finder**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.\n\nEntry added December 18, 2019\n\n**Kernel**\n\nWe would like to acknowledge Daniel Roethlisberger of Swisscom CSIRT for their assistance.\n\nEntry added December 18, 2019\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-10T00:00:00", "type": "apple", "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1164", "CVE-2012-2668", "CVE-2013-4449", "CVE-2015-1545", "CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-15126", "CVE-2019-15166", "CVE-2019-15167", "CVE-2019-15903", "CVE-2019-8828", "CVE-2019-8830", "CVE-2019-8832", "CVE-2019-8833", "CVE-2019-8834", "CVE-2019-8837", "CVE-2019-8838", "CVE-2019-8839", "CVE-2019-8842", "CVE-2019-8847", "CVE-2019-8848", "CVE-2019-8851", "CVE-2019-8852", "CVE-2019-8853", "CVE-2019-8856", "CVE-2020-9782"], "modified": "2019-12-10T00:00:00", "id": "APPLE:FE34E67588C6E371B47F8C80ED459F90", "href": "https://support.apple.com/kb/HT210788", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}