Lucene search

K
f5F5F5:K16837
HistoryJul 02, 2015 - 12:00 a.m.

K16837 : tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155

2015-07-0200:00:00
my.f5.com
18

9.9 High

AI Score

Confidence

High

0.17 Low

EPSS

Percentile

96.1%

Security Advisory Description

Description

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Impact

A malformed packet may cause tcpdump to fail or execute arbitrary code.

Note: Thetcpdumputility is in use only when debugging network issues. In normal operational mode,tcpdump is not running. For this vulnerability to be relevant, an attacker must send specially crafted traffic at the same time an administrative user is capturing traffic one of the internal nodes of a cluster that has access to an external network in the mobile operator’s network. The chance of this scenario is almost null.

Status

To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:

Product Versions known to be vulnerable Versions known to be not vulnerable Severity Vulnerable component or feature
BIG-IP LTM None
11.0.0 - 11.6.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP AAM None 11.4.0 - 11.6.0 Not vulnerable None
BIG-IP AFM None 11.3.0 - 11.6.0 Not vulnerable None
BIG-IP Analytics None 11.0.0 - 11.6.0 Not vulnerable None
BIG-IP APM None 11.0.0 - 11.6.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP ASM None 11.0.0 - 11.6.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP Edge Gateway
None 11.0.0 - 11.3.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP GTM None 11.0.0 - 11.6.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP Link Controller None 11.0.0 - 11.6.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP PEM None 11.3.0 - 11.6.0 Not vulnerable None
BIG-IP PSM None 11.0.0 - 11.4.1
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP WebAccelerator None 11.0.0 - 11.3.0
10.1.0 - 10.2.4 Not vulnerable None
BIG-IP WOM None 11.0.0 - 11.3.0
10.1.0 - 10.2.4 Not vulnerable None
ARX None
6.0.0 - 6.4.0
Not vulnerable None

Enterprise Manager| None
| 3.0.0 - 3.1.1| Not vulnerable| None
FirePass| None
| 7.0.0
6.0.0 - 6.1.0
| Not vulnerable| None

BIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.0.0 - 4.5.0| Not vulnerable| None
LineRate| None
| 2.4.0 - 2.6.0
| Not vulnerable| None

F5 WebSafe| None
| 1.0.0
| Not vulnerable| None

Traffix SDC| 4.0.0 - 4.4.0
3.3.2 - 3.5.1| None
| Low
| tcpdump

Recommended Action

If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in K4602: Overview of the F5 security vulnerability response policy.

To mitigate this vulnerability for Traffix SDC, you can use the tshark utility instead of thetcpdump utility.

Supplemental Information