F5F5:K16837K16837 : tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.17 Low
EPSS
Percentile
95.6%
Security Advisory Description
Description
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Impact
A malformed packet may cause tcpdump to fail or execute arbitrary code.
Note: Thetcpdumputility is in use only when debugging network issues. In normal operational mode,tcpdump is not running. For this vulnerability to be relevant, an attacker must send specially crafted traffic at the same time an administrative user is capturing traffic one of the internal nodes of a cluster that has access to an external network in the mobile operator’s network. The chance of this scenario is almost null.
Status
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature |
|---|---|---|---|---|
| BIG-IP LTM | None | |||
| 11.0.0 - 11.6.0 | ||||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP AAM | None | 11.4.0 - 11.6.0 | Not vulnerable | None |
| BIG-IP AFM | None | 11.3.0 - 11.6.0 | Not vulnerable | None |
| BIG-IP Analytics | None | 11.0.0 - 11.6.0 | Not vulnerable | None |
| BIG-IP APM | None | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP ASM | None | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP Edge Gateway | ||||
| None | 11.0.0 - 11.3.0 | |||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP GTM | None | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP Link Controller | None | 11.0.0 - 11.6.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP PEM | None | 11.3.0 - 11.6.0 | Not vulnerable | None |
| BIG-IP PSM | None | 11.0.0 - 11.4.1 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| BIG-IP WOM | None | 11.0.0 - 11.3.0 | ||
| 10.1.0 - 10.2.4 | Not vulnerable | None | ||
| ARX | None | |||
| 6.0.0 - 6.4.0 | ||||
| Not vulnerable | None |
Enterprise Manager| None
| 3.0.0 - 3.1.1| Not vulnerable| None
FirePass| None
| 7.0.0
6.0.0 - 6.1.0
| Not vulnerable| None
BIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.0.0 - 4.5.0| Not vulnerable| None
LineRate| None
| 2.4.0 - 2.6.0
| Not vulnerable| None
F5 WebSafe| None
| 1.0.0
| Not vulnerable| None
Traffix SDC| 4.0.0 - 4.4.0
3.3.2 - 3.5.1| None
| Low
| tcpdump
Recommended Action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in K4602: Overview of the F5 security vulnerability response policy.
To mitigate this vulnerability for Traffix SDC, you can use the tshark utility instead of thetcpdump utility.
Supplemental Information
- K9970: Subscribing to email notifications regarding F5 products
- K9957: Creating a custom RSS feed to view new and updated documents
- K4602: Overview of the F5 security vulnerability response policy
- K4918: Overview of the F5 critical issue hotfix policy
- K167: Downloading software and firmware from F5
- K13123: Managing BIG-IP product hotfixes (11.x)
Related
9.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.17 Low
EPSS
Percentile
95.6%