Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0503
HistoryDec 01, 2014 - 8:57 p.m.

Updated tcpdump package fixes security vulnerabilities

2014-12-0120:57:09
Gentoo Foundation
advisories.mageia.org
12

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON

The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767). The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchtcpdump< 4.4.0-2.1tcpdump-4.4.0-2.1.mga4

Related

nessus 19
fedora 7
openvas 16
securityvulns 7
osv 2
debian 3
gentoo 1
ubuntu 1
ubuntucve 2
aix 1
packetstorm 2
debiancve 2
cve 2
prion 2
archlinux 1
nessus
nessus
Fedora 19 : tcpdump-4.4.0-4.fc19 (2014-15549)
2014-12-04 00:00:00
SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10093)
2014-12-26 00:00:00
openSUSE Security Update : tcpdump (openSUSE-2015-146)
2015-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: tcpdump-4.4.0-4.fc19
2014-12-04 06:25:44
[SECURITY] Fedora 20 Update: tcpdump-4.5.1-2.fc20
2014-11-27 08:33:48
[SECURITY] Fedora 21 Update: tcpdump-4.6.2-2.fc21
2014-12-06 10:25:34
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0503)
2022-01-28 00:00:00
Fedora Update for tcpdump FEDORA-2014-15549
2014-12-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1692-1)
2021-06-09 00:00:00
securityvulns
securityvulns
tcpdump multiple security vulnerabilities
2014-12-03 00:00:00
[SECURITY] [DSA 3086-1] tcpdump security update
2014-12-03 00:00:00
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
2014-11-24 00:00:00
osv
osv
tcpdump - security update
2014-12-03 00:00:00
tcpdump - security update
2014-12-08 00:00:00
debian
debian
[SECURITY] [DSA 3086-1] tcpdump security update
2014-12-03 19:16:29
[SECURITY] [DSA 3086-1] tcpdump security update
2014-12-03 19:16:29
[SECURITY] [DLA 102-1] tcpdump security update
2014-12-08 18:52:58
gentoo
gentoo
tcpdump: Multiple vulnerabilities
2015-02-07 00:00:00
ubuntu
ubuntu
tcpdump vulnerabilities
2014-12-04 00:00:00
ubuntucve
ubuntucve
CVE-2014-8767
2014-11-20 00:00:00
CVE-2014-8769
2014-11-20 00:00:00
aix
aix
Vulnerability in AIX tcpdump
2015-03-18 10:29:53
packetstorm
packetstorm
tcpdump 4.6.2 OSLR Denial Of Service
2014-11-19 00:00:00
tcpdump 4.6.2 AOVD Unreliable Output
2014-11-19 00:00:00
debiancve
debiancve
CVE-2014-8769
2014-11-20 17:50:00
CVE-2014-8767
2014-11-20 17:50:00
cve
cve
CVE-2014-8767
2014-11-20 17:50:00
CVE-2014-8769
2014-11-20 17:50:00
prion
prion
Design/Logic Flaw
2014-11-20 17:50:00
Integer overflow
2014-11-20 17:50:00
archlinux
archlinux
tcpdump: multiple issues
2015-03-20 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.073 Low

EPSS

Percentile

94.0%

JSON
Related for MGASA-2014-0503
nessus19fedora7openvas16securityvulns7osv2debian3gentoo1ubuntu1ubuntucve2aix1packetstorm2debiancve2cve2prion2archlinux1