Lucene search

K
kasperskyKaspersky LabKLA10498
HistoryMar 24, 2015 - 12:00 a.m.

KLA10498 Denial of service vulnerabilities in tcpdump

2015-03-2400:00:00
Kaspersky Lab
threats.kaspersky.com
47

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.17 Low

EPSS

Percentile

96.1%

Multiple serious vulnerabilities have been found in tcpdump. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability can be exploited remotely via a specially designed packets and other unknown vectors;
  2. Integer signedness can be exploited remotely via a cpecially designed length value.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

tcpdump

CVE list

CVE-2015-0261 critical

CVE-2015-2155 critical

CVE-2015-2154 critical

CVE-2015-2153 critical

Solution

Update to latest version!

Get tcpdump

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • tcpdump versions earlier thanΒ 4.7.2

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.17 Low

EPSS

Percentile

96.1%