ID: AIX_IJ20783.NASL
Type: nessus
Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-02T00:00:00
Description
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the lmp_print_data_link_subobjs function in print-lmp.c. By sending specially-crafted data, a remote attacker could overflow a buffer and cause the application to crash.
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory tcpdump_advisory5.asc.
#
include("compat.inc");
if (description)
{
  script_id(132730);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/13");

  script_cve_id("CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167");

  script_name(english:"AIX 7.1 TL 5 : tcpdump (IJ20783)");
  script_summary(english:"Check for APAR IJ20783");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP
parser in tcpdump before 4.9.3 has a buffer over-read in
print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser
in tcpdump before 4.9.3 has a buffer over-read in
print-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has
a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The
Babel parser in tcpdump before 4.9.3 has a buffer over-read in
print-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the
printing of SMB data (issue 2 of 2). The LDP parser in tcpdump before
4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump
before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Tcpdump is vulnerable to a buffer overflow, caused by improper bounds
checking by the lmp_print_data_link_subobjs function in print-lmp.c.
By sending specially-crafted data, a remote attacker could overflow a
buffer and cause the application to crash. The Rx parser in tcpdump
before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and
rx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a
buffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser
in tcpdump before 4.9.3 has a buffer over-read in
print-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a
buffer over-read in print-bgp.c:bgp_capabilities_print()
(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a
buffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in
tcpdump before 4.9.3 has a buffer over-read in
print-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before
4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB
parser in tcpdump before 4.9.3 has buffer over-reads in
print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. The
SMB parser in tcpdump before 4.9.3 has stack exhaustion in
smbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before
4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()
(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in
tcpdump before 4.9.3 lacks certain bounds checks. The command-line
argument parser in tcpdump before 4.9.3 has a buffer overflow in
tcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has
a buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in
tcpdump before 4.9.3 has a buffer over-read in
print-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump
before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh
Flags subfield. The BGP parser in tcpdump before 4.9.3 allows stack
consumption in print-bgp.c:bgp_attr_print() because of unlimited
recursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer
over-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based
buffer over-read related to aoe_print in print-aoe.c and lookup_emem
in addrtoname.c."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.1", ml:"05", sp:"03", patch:"IJ20783s3a", package:"bos.net.tcp.server", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.32") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"05", sp:"04", patch:"IJ20783s4a", package:"bos.net.tcp.server", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.32") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"05", sp:"05", patch:"IJ20783s5a", package:"bos.net.tcp.server", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.32") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"aix": [{"lastseen": "2020-06-11T23:22:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Wed Jan 8 12:57:55 CST 2020\n\nThe most recent version of this document is available here:\nhttp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\nhttps://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\nftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\n\nSecurity Bulletin: Vulnerabilities in tcpdump affect AIX\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in tcpdump that affect AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-14467\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).\n CVSS Base Score: 6.5\n CVSS Temporal Score: See \n https://exchange.xforce.ibmcloud.com/vulnerabilities/169829\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14463\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463\n DESCRIPTION: The VRRP parser in tcpdump before 4.9.3 has a buffer \n over-read 
in print-vrrp.c:vrrp_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/169827\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14464\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464\n DESCRIPTION: The LMP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-lmp.c:lmp_print_data_link_subobjs().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/169828\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470\n DESCRIPTION: The Babel parser in tcpdump before 4.9.3 has a buffer \n over-read in print-babel.c:babel_print_v2().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168314\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-10105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105\n DESCRIPTION: tcpdump before 4.9.3 mishandles the printing of SMB data \n (issue 2 of 2).\n CVSS Base Score: 8.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168321\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2018-14461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461\n DESCRIPTION: The LDP parser in tcpdump before 4.9.3 has a buffer \n 
over-read in print-ldp.c:ldp_tlv_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168320\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-10103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103\n DESCRIPTION: tcpdump before 4.9.3 mishandles the printing of SMB data \n (issue 1 of 2).\n CVSS Base Score: 8.8\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168670\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n CVEID: CVE-2019-15167\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167\n DESCRIPTION: Tcpdump is vulnerable to a buffer overflow, caused by \n improper bounds checking by the lmp_print_data_link_subobjs function \n in print-lmp.c. 
By sending specially-crafted data, a remote attacker \n could overflow a buffer and cause the application to crash.\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168671\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14466\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466\n DESCRIPTION: The Rx parser in tcpdump before 4.9.3 has a buffer \n over-read in print-rx.c:rx_cache_find() and rx_cache_insert().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168317\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469\n DESCRIPTION: The IKEv1 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-isakmp.c:ikev1_n_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168315\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14468\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468\n DESCRIPTION: The FRF.16 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-fr.c:mfr_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168316\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881\n 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_capabilities_print() \n (BGP_CAPCODE_RESTART).\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168312\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14462\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462\n DESCRIPTION: The ICMP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-icmp.c:icmp_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168319\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880\n DESCRIPTION: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-ospf6.c:ospf6_print_lshdr().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168313\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465\n DESCRIPTION: The RSVP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-rsvp.c:rsvp_obj_print().\n CVSS Base Score: 6.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168318\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16451\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451\n DESCRIPTION: The SMB parser in tcpdump before 4.9.3 has buffer \n over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \n \\PIPE\\LANMAN.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168301\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16452\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452\n DESCRIPTION: The SMB parser in tcpdump before 4.9.3 has stack exhaustion \n in smbutil.c:smb_fdata() via recursion.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168300\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16230\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168307\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2019-15166\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166\n DESCRIPTION: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump \n before 4.9.3 lacks certain bounds checks.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168299\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS 
Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879\n DESCRIPTION: The command-line argument parser in tcpdump before 4.9.3 has \n a buffer overflow in tcpdump.c:get_next_file().\n CVSS Base Score: 6.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168302\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\n CVEID: CVE-2018-16228\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228\n DESCRIPTION: The HNCP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-hncp.c:print_prefix().\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168309\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16229\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229\n DESCRIPTION: The DCCP parser in tcpdump before 4.9.3 has a buffer \n over-read in print-dccp.c:dccp_print_option().\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168308\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16227\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227\n DESCRIPTION: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-802_11.c for the Mesh Flags subfield.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168310\n for the 
current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-16300\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300\n DESCRIPTION: The BGP parser in tcpdump before 4.9.3 allows stack \n consumption in print-bgp.c:bgp_attr_print() because of unlimited \n recursion.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168306\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2018-14882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882\n DESCRIPTION: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer \n over-read in print-icmp6.c.\n CVSS Base Score: 5.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/168311\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n CVEID: CVE-2017-16808\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808\n DESCRIPTION: tcpdump before 4.9.3 has a heap-based buffer over-read \n related to aoe_print in print-aoe.c and lookup_emem in \n addrtoname.c.\n CVSS Base Score: 7.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/134999\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 7.1, 7.2\n VIOS 2.2, 3.1\n\n The following fileset levels are vulnerable:\n \n key_fileset = aix\n\n Fileset Lower Level Upper Level KEY \n ---------------------------------------------------------\n bos.net.tcp.server 6.1.9.0 6.1.9.401 key_w_fs\n bos.net.tcp.server 
7.1.5.0 7.1.5.32 key_w_fs\n bos.net.tcp.tcpdump 7.2.2.0 7.2.2.17 key_w_fs\n bos.net.tcp.tcpdump 7.2.3.0 7.2.3.16 key_w_fs\n bos.net.tcp.tcpdump 7.2.4.0 7.2.4.0 key_w_fs\n \n To find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.server\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n -----------------------------------------------------\n 7.1.5 IJ20783 ** SP06-2015 key_w_apar\n 7.2.2 IJ20784 ** SP06-2016 key_w_apar\n 7.2.3 IJ20785 ** SP05-2016 key_w_apar\n 7.2.4 IJ20786 ** SP02-2015 key_w_apar\n\n VIOS Level APAR Availability SP KEY\n ----------------------------------------------------\n 2.2.6 IJ20781 ** 2.2.6.60 key_w_apar\n 3.1.0 IJ20785 ** 3.1.0.40 key_w_apar\n 3.1.1 IJ20786 ** 3.1.1.20 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20781\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20783\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20784\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20785\n http://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20781\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20783\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20784\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20785\n https://www.ibm.com/support/docview.wss?uid=isg1IJ20786\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. 
FIXES\n\n AIX and VIOS fixes are available.\n\n The AIX and VIOS fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar\n http://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar\n https://aix.software.ibm.com/aix/efixes/security/tcpdump_fix5.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ----------------------------------------------\n 7.1.5.3 IJ20783s3a.191118.epkg.Z key_w_fix\n 7.1.5.4 IJ20783s4a.191118.epkg.Z key_w_fix\n 7.1.5.5 IJ20783s5a.191115.epkg.Z key_w_fix\n 7.2.2.2 IJ20784s2a.191118.epkg.Z key_w_fix\n 7.2.2.3 IJ20784s3a.191118.epkg.Z key_w_fix\n 7.2.2.4 IJ20784s4a.191115.epkg.Z key_w_fix\n 7.2.3.1 IJ20785s1a.191120.epkg.Z key_w_fix\n 7.2.3.2 IJ20785s2a.191119.epkg.Z key_w_fix\n 7.2.3.3 IJ20785s3a.191115.epkg.Z key_w_fix\n 7.2.3.4 IJ20785s3a.191115.epkg.Z key_w_fix\n 7.2.4.0 IJ20786s1a.191120.epkg.Z key_w_fix\n 7.2.4.1 IJ20786s1a.191120.epkg.Z key_w_fix\n \n Please note that the above table refers to AIX TL/SP level as\n opposed to fileset level, i.e., 7.2.2.3 is AIX 7200-02-03.\n\n Please reference the Affected Products and Version section above\n for help with checking installed fileset levels.\n\n VIOS Level Interim Fix (*.Z) KEY\n -----------------------------------------------\n 2.2.6.31 IJ20781sCc.191121.epkg.Z key_w_fix\n 2.2.6.32 IJ20781sCd.191121.epkg.Z key_w_fix\n 2.2.6.40 IJ20781sDa.191121.epkg.Z key_w_fix\n 2.2.6.41 IJ20781sDb.191121.epkg.Z key_w_fix\n 2.2.6.50 IJ20781sEa.191121.epkg.Z key_w_fix\n 3.1.0.0 IJ20785s2a.191119.epkg.Z key_w_fix\n 3.1.0.10 IJ20785s2a.191119.epkg.Z key_w_fix\n 3.1.0.20 IJ20785s3a.191115.epkg.Z key_w_fix\n 3.1.0.30 IJ20785s3a.191115.epkg.Z key_w_fix\n 3.1.1.0 IJ20786s1a.191120.epkg.Z key_w_fix\n 
3.1.1.10 IJ20786s1a.191120.epkg.Z key_w_fix\n\n To extract the fixes from the tar file:\n\n tar xvf tcpdump_fix5.tar\n cd tcpdump_fix5\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 [filename]\" command as the following:\n\n\n These sums 
should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM Support at\n http://ibm.com/support/ and describe the discrepancy. \n \n openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]\n \n openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n If possible, it is recommended that a mksysb backup of the system \n be created. Verify it is both bootable and readable before\n proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are 
used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n ftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n IBM Secure Engineering Web Portal\n http://www.ibm.com/security/secure-engineering/bulletins.html\n\n IBM Product Security Incident Response Blog\n https://www.ibm.com/blogs/psirt/\n\n Security Bulletin: Vulnerability in tcpdump affects AIX\n https://www.ibm.com/support/pages/node/1169974\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Wed Jan 8 12:57:55 CST 2020\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. 
\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n\n", "edition": 6, "modified": "2020-01-08T12:57:55", "published": "2020-01-08T12:57:55", "id": "TCPDUMP_ADVISORY5.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc", "title": "There is a vulnerability in tcpdump that affects AIX.,There is a vulnerability in tcpdump that affects VIOS.", "type": "aix", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:15:32", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). 
tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. 
The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "title": "AIX 7.2 TL 4 : tcpdump (IJ20786)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20786.NASL", "href": "https://www.tenable.com/plugins/nessus/132733", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132733);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", 
\"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 4 : tcpdump (IJ20786)\");\n script_summary(english:\"Check for APAR IJ20786\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). 
The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. 
tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"04\", sp:\"00\", patch:\"IJ20786s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.4.0\", maxfilesetver:\"7.2.4.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"04\", sp:\"01\", patch:\"IJ20786s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.4.0\", maxfilesetver:\"7.2.4.0\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:15:32", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. 
The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. 
tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.", "edition": 14, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "title": "AIX 7.2 TL 2 : tcpdump (IJ20784)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20784.NASL", "href": "https://www.tenable.com/plugins/nessus/132731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132731);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/13\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 2 : tcpdump (IJ20784)\");\n script_summary(english:\"Check for APAR IJ20784\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 
The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. 
tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"02\", patch:\"IJ20784s2a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"03\", patch:\"IJ20784s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"04\", patch:\"IJ20784s4a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-13T00:56:27", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). 
tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. 
The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-09T00:00:00", "title": "AIX 7.2 TL 3 : tcpdump (IJ20785)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "modified": "2020-01-09T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ20785.NASL", "href": "https://www.tenable.com/plugins/nessus/132732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory tcpdump_advisory5.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132732);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", 
\"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n\n script_name(english:\"AIX 7.2 TL 3 : tcpdump (IJ20785)\");\n script_summary(english:\"Check for APAR IJ20785\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467 The BGP\nparser in tcpdump before 4.9.3 has a buffer over-read in\nprint-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). The VRRP parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-vrrp.c:vrrp_print(). The LMP parser in tcpdump before 4.9.3 has\na buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). The\nBabel parser in tcpdump before 4.9.3 has a buffer over-read in\nprint-babel.c:babel_print_v2(). tcpdump before 4.9.3 mishandles the\nprinting of SMB data (issue 2 of 2). The LDP parser in tcpdump before\n4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). tcpdump\nbefore 4.9.3 mishandles the printing of SMB data (issue 1 of 2).\nTcpdump is vulnerable to a buffer overflow, caused by improper bounds\nchecking by the lmp_print_data_link_subobjs function in print-lmp.c.\nBy sending specially-crafted data, a remote attacker could overflow a\nbuffer and cause the application to crash. The Rx parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\nrx_cache_insert(). The IKEv1 parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-isakmp.c:ikev1_n_print(). The FRF.16 parser\nin tcpdump before 4.9.3 has a buffer over-read in\nprint-fr.c:mfr_print(). The BGP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-bgp.c:bgp_capabilities_print()\n(BGP_CAPCODE_RESTART). The ICMP parser in tcpdump before 4.9.3 has a\nbuffer over-read in print-icmp.c:icmp_print(). 
The OSPFv3 parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-ospf6.c:ospf6_print_lshdr(). The RSVP parser in tcpdump before\n4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). The SMB\nparser in tcpdump before 4.9.3 has buffer over-reads in\nprint-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. The\nSMB parser in tcpdump before 4.9.3 has stack exhaustion in\nsmbutil.c:smb_fdata() via recursion. The BGP parser in tcpdump before\n4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n(MP_REACH_NLRI). lmp_print_data_link_subobjs() in print-lmp.c in\ntcpdump before 4.9.3 lacks certain bounds checks. The command-line\nargument parser in tcpdump before 4.9.3 has a buffer overflow in\ntcpdump.c:get_next_file(). The HNCP parser in tcpdump before 4.9.3 has\na buffer over-read in print-hncp.c:print_prefix(). The DCCP parser in\ntcpdump before 4.9.3 has a buffer over-read in\nprint-dccp.c:dccp_print_option(). The IEEE 802.11 parser in tcpdump\nbefore 4.9.3 has a buffer over-read in print-802_11.c for the Mesh\nFlags subfield. The BGP parser in tcpdump before 4.9.3 allows stack\nconsumption in print-bgp.c:bgp_attr_print() because of unlimited\nrecursion. The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\nover-read in print-icmp6.c. 
tcpdump before 4.9.3 has a heap-based\nbuffer over-read related to aoe_print in print-aoe.c and lookup_emem\nin addrtoname.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"01\", patch:\"IJ20785s1a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"02\", patch:\"IJ20785s2a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"03\", patch:\"IJ20785s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"03\", sp:\"04\", patch:\"IJ20785s3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.3.0\", maxfilesetver:\"7.2.3.16\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-15T05:23:01", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4760 advisory.\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). 
(CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). 
(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "title": "Oracle Linux 8 : tcpdump (ELSA-2020-4760)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-11-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tcpdump", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-4760.NASL", "href": "https://www.tenable.com/plugins/nessus/142765", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4760.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142765);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n 
\"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Oracle Linux 8 : tcpdump (ELSA-2020-4760)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4760 advisory.\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). 
(CVE-2018-10103)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file(). (CVE-2018-14879)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags\n subfield. (CVE-2018-16227)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().\n (CVE-2018-14470)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().\n (CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().\n (CVE-2018-16228)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. 
(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. (CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4760.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tcpdump\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'epoch':'14'},\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'epoch':'14'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = 
package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:08:26", "description": "An update of the tcpdump package has been released.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-22T00:00:00", "title": "Photon OS 2.0: Tcpdump PHSA-2019-2.0-0182", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", 
"CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:tcpdump"], "id": "PHOTONOS_PHSA-2019-2_0-0182_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/130118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0182. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130118);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Photon OS 2.0: Tcpdump PHSA-2019-2.0-0182\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-182.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"tcpdump-4.9.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"tcpdump-debuginfo-4.9.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:08:39", "description": "An update of the tcpdump package has been released.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-22T00:00:00", "title": "Photon OS 3.0: Tcpdump PHSA-2019-3.0-0034", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", 
"CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0034_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/130122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0034. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130122);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"Photon OS 3.0: Tcpdump PHSA-2019-3.0-0034\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0034.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"tcpdump-4.9.3-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"tcpdump-debuginfo-4.9.3-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:03:45", "description": "According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 1 of 2).(CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 2 of 2).(CVE-2018-10105)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - The ICMPv6 parser in tcpdump before 
4.9.3 has a buffer\n over-read in print-icmp6.c.(CVE-2018-14882)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\n before 4.9.3 lacks certain bounds\n checks.(CVE-2019-15166)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before\n 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n 
print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via\n recursion.(CVE-2018-16452)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-hncp.c:print_prefix().(CVE-2018-16228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-15T00:00:00", "title": "EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2020-1437)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2020-04-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/135566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135566);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2020-1437)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 1 of 2).(CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB\n data (issue 2 of 2).(CVE-2018-10105)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer\n over-read in print-icmp6.c.(CVE-2018-14882)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump\n before 4.9.3 lacks certain bounds\n checks.(CVE-2019-15166)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer\n 
over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144\n 64)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer\n over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert().(CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n - The Babel parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n - The command-line argument parser in tcpdump before\n 4.9.3 has a buffer overflow in\n tcpdump.c:get_next_file().(CVE-2018-14879)\n\n - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.3 has a\n buffer over-read in print-802_11.c for the Mesh Flags\n subfield.(CVE-2018-16227)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer\n over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI).(CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack\n consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion.(CVE-2018-16300)\n\n - The SMB parser in tcpdump before 4.9.3 has 
buffer\n over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN.(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack\n exhaustion in smbutil.c:smb_fdata() via\n recursion.(CVE-2018-16452)\n\n - The HNCP parser in tcpdump before 4.9.3 has a buffer\n over-read in\n print-hncp.c:print_prefix().(CVE-2018-16228)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1437\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7825f0c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.0-5.h179\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:41:35", "description": "Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. 
These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-14T00:00:00", "title": "Debian DLA-1955-1 : tcpdump security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2019-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:tcpdump"], "id": "DEBIAN_DLA-1955.NASL", "href": "https://www.tenable.com/plugins/nessus/129828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1955-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n\n script_name(english:\"Debian DLA-1955-1 : tcpdump security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tcpdump\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-21T06:06:01", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4760 advisory.\n\n - tcpdump: SMB data printing mishandled (CVE-2018-10103, CVE-2018-10105)\n\n - tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n - tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n - tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n - tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n - tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n - tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n - tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n - tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c 
(CVE-2018-14469)\n\n - tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n - tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n - tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n - tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n - tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n - tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n - tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n - tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n - tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n - tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n - tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)\n\n - tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "title": "RHEL 8 : tcpdump (RHSA-2020:4760)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", 
"CVE-2018-14881"], "modified": "2020-11-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tcpdump", "p-cpe:/a:redhat:enterprise_linux:tcpdump-debugsource", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-4760.NASL", "href": "https://www.tenable.com/plugins/nessus/142444", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4760. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142444);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14470\",\n \"CVE-2018-14879\",\n \"CVE-2018-14880\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16227\",\n \"CVE-2018-16228\",\n \"CVE-2018-16229\",\n \"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4760\");\n\n script_name(english:\"RHEL 8 : tcpdump (RHSA-2020:4760)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4760 advisory.\n\n - tcpdump: SMB data printing mishandled (CVE-2018-10103, CVE-2018-10105)\n\n - tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c 
(CVE-2018-14461)\n\n - tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n - tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n - tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n - tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n - tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n - tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n - tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n - tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n - tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n - tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n - tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n - tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n - tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n - tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n - tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n - tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n - tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n - tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n - tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)\n\n - tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has 
instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/665.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14470\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760453\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1760455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1760520\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump and / or tcpdump-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10105\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 119, 125, 400, 665);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tcpdump-debugsource\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) 
audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4760');\n}\n\npkgs = [\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'tcpdump-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'tcpdump-debugsource-4.9.3-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'tcpdump-debugsource-4.9.3-1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'tcpdump-debugsource-4.9.3-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'14', 'repo_list':['enterprise_linux_8_appstream']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) 
allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump / tcpdump-debugsource');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:51:53", "description": "Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. 
These vulnerabilities might\nresult in denial of service or, potentially, execution of arbitrary\ncode.", "edition": 18, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-22T00:00:00", "title": "Debian DSA-4547-1 : tcpdump - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4547.NASL", "href": "https://www.tenable.com/plugins/nessus/130135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4547. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130135);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_xref(name:\"DSA\", value:\"4547\");\n\n script_name(english:\"Debian DSA-4547-1 : tcpdump - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. 
These vulnerabilities might\nresult in denial of service or, potentially, execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4547\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tcpdump packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.9.3-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tcpdump\", reference:\"4.9.3-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-21T14:51:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-14467", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "tcpdump is prone to multiple vulnerabilities.", "modified": "2020-01-21T00:00:00", "published": "2019-10-21T00:00:00", "id": "OPENVAS:1361412562310113543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113543", "type": "openvas", "title": "tcpdump < 4.9.3 Multiple Vulnerabilities", "sourceData": "# Copyright (C) 2019 Greenbone Networks 
GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113543\");\n script_version(\"2020-01-21T07:42:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-21 07:42:39 +0000 (Tue, 21 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-21 15:35:17 +0000 (Mon, 21 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n\n script_name(\"tcpdump < 4.9.3 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Buffer 
overflow\");\n script_dependencies(\"gb_tcpdump_ssh_detect.nasl\");\n script_mandatory_keys(\"tcpdump/detected\");\n\n script_tag(name:\"summary\", value:\"tcpdump is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"There are buffer over-read vulnerabilities in the following modules:\n\n print-ldp.c:ldp_tlv_print(), print-icmp.c:icmp_print(), print-vrrp.c:vrrp_print(),\n print-lmp.c:lmp_print_data_link_subobjs(), print-rsvp.c:rsvp_obj_print(),\n print-rx.c:rx_cache_find(), print-rx.c:rx_cache_insert(),\n print-bgp.c:bgp_capabilities_print(), print-fr.c:mfr_print(), print-isakmp.c:ikev1_n_print(),\n print-babel.c:babel_print_v2(), print-ospf6.c:ospf6_print_lshdr(), print-icmp6.c,\n print-802_11.c, print-hncp.c:print_prefix(), print-dccp.c:dccp_print_option(),\n print-bgp.c:bgp_attr_print(), print-smb.c:print_trans()\n\n There is a buffer overflow vulnerability in tcpdump.c:get_next_file().\n\n There is a stack consumption vulnerability in print-bgp.c:bgp_attr_print().\n\n There is a stack exhaustion vulnerability in smbutil.c:smb_fdata().\n\n print-lmp.c:lmp_print_data_link_subobjs() lacks bounds checks.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to read sensitive information\n or execute arbitrary code on the target machine.\");\n\n script_tag(name:\"affected\", value:\"tcpdump through version 4.9.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.9.3.\");\n\n script_xref(name:\"URL\", value:\"https://www.tcpdump.org/tcpdump-changes.txt\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:tcpdump:tcpdump\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! 
infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE ) ) exit( 0 );\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"4.9.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.9.3\", install_path: location );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-23T14:51:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2019-10-23T00:00:00", "published": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310704547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704547", "type": "openvas", "title": "Debian Security Advisory DSA 4547-1 (tcpdump - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704547\");\n script_version(\"2019-10-23T02:00:33+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 02:00:33 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 02:00:33 +0000 (Wed, 23 Oct 2019)\");\n script_name(\"Debian Security Advisory DSA 4547-1 (tcpdump - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4547.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4547-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the DSA-4547-1 advisory.\");\n\n script_tag(name:\"vuldetect\", 
value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial of\nservice or, potentially, execution of arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.9.3-1~deb10u1.\n\nWe recommend that you upgrade your tcpdump packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T17:01:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", 
"id": "OPENVAS:1361412562311220201437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201437", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1437)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1437\");\n script_version(\"2020-04-16T05:52:58+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:52:58 +0000 
(Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:52:58 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1437)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1437\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1437\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2020-1437 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103)\n\n\n\ntcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105)\n\n\n\nThe FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().(CVE-2018-14468)\n\n\n\nThe ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882)\n\n\n\nlmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166)\n\n\n\nThe LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().(CVE-2018-14461)\n\n\n\nThe ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().(CVE-2018-14462)\n\n\n\nThe VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)\n\n\n\nThe LMP parser in tcpdump before 
4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-14464)\n\n\n\nThe RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)\n\n\n\nThe Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().(CVE-2018-14466)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467)\n\n\n\nThe IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)\n\n\n\nThe Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().(CVE-2018-14470)\n\n\n\nThe command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().(CVE-2018-14879)\n\n\n\nThe OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).(CVE-2018-14881)\n\n\n\nThe IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227)\n\n\n\nThe DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230)\n\n\n\nThe BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300)\n\n\n\nThe SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROW ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h179\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:27:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-10-12T00:00:00", "id": "OPENVAS:1361412562310891955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891955", "type": "openvas", "title": "Debian LTS: Security Advisory for tcpdump (DLA-1955-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891955\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-15166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-12 02:00:27 +0000 (Sat, 12 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for tcpdump (DLA-1955-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n 
script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1955-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/941698\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the DLA-1955-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-1~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", 
"CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-10-21T00:00:00", "id": "OPENVAS:1361412562310852744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852744", "type": "openvas", "title": "openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2344-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852744\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-21 02:00:39 +0000 (Mon, 21 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2344-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2344-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the 
openSUSE-SU-2019:2344-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - 
CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was importe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debugsource\", rpm:\"tcpdump-debugsource~4.9.2~lp150.10.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else 
if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:30:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852829", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852829", "type": "openvas", "title": "openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2348-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852829\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\",\n \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\",\n \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\",\n \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\",\n \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\",\n \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16301\", \"CVE-2018-16451\",\n \"CVE-2018-16452\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:33:43 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for tcpdump (openSUSE-SU-2019:2348-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2348-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via 
the openSUSE-SU-2019:2348-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n\n - 
CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was importe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump-debugsource\", rpm:\"tcpdump-debugsource~4.9.2~lp151.4.6.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else 
if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877172", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-6db0d5b9d9", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877172\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:10 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-6db0d5b9d9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-6db0d5b9d9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 
'tcpdump'\n package(s) announced via the FEDORA-2019-6db0d5b9d9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The 
remote host is missing an update for the ", "modified": "2019-10-30T00:00:00", "published": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876949", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-d06bc63433", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876949\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", 
value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-30 03:35:05 +0000 (Wed, 30 Oct 2019)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-d06bc63433\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-d06bc63433\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the FEDORA-2019-d06bc63433 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2019-10-30T00:00:00", "published": "2019-10-26T00:00:00", "id": "OPENVAS:1361412562310876932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876932", "type": "openvas", "title": "Fedora Update for tcpdump FEDORA-2019-85d92df70f", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from 
the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876932\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14466\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14465\", \"CVE-2018-14881\", \"CVE-2018-14464\", \"CVE-2018-14463\", \"CVE-2018-14467\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14880\", \"CVE-2018-16451\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16229\", \"CVE-2018-16301\", \"CVE-2018-16230\", \"CVE-2018-16452\", \"CVE-2018-16300\", \"CVE-2018-16228\", \"CVE-2019-15166\", \"CVE-2019-15167\", \"CVE-2018-19519\", \"CVE-2018-14879\", \"CVE-2019-1010220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:03 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for tcpdump FEDORA-2019-85d92df70f\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-85d92df70f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the FEDORA-2019-85d92df70f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.3~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T18:43:02", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "The remote host is missing an update for the ", "modified": "2020-01-28T00:00:00", "published": "2020-01-28T00:00:00", "id": "OPENVAS:1361412562310844311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844311", "type": "openvas", "title": "Ubuntu: Security Advisory for tcpdump (USN-4252-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844311\");\n script_version(\"2020-01-28T10:45:23+0000\");\n script_cve_id(\"CVE-2017-16808\", \"CVE-2018-10103\", \"CVE-2018-10105\", \"CVE-2018-14461\", \"CVE-2018-14462\", \"CVE-2018-14463\", \"CVE-2018-14464\", \"CVE-2018-14465\", \"CVE-2018-14466\", \"CVE-2018-14467\", \"CVE-2018-14468\", \"CVE-2018-14469\", \"CVE-2018-14470\", \"CVE-2018-14879\", \"CVE-2018-14880\", \"CVE-2018-14881\", \"CVE-2018-14882\", \"CVE-2018-16227\", \"CVE-2018-16228\", \"CVE-2018-16229\", \"CVE-2018-16230\", \"CVE-2018-16300\", \"CVE-2018-16451\", \"CVE-2018-16452\", \"CVE-2018-19519\", \"CVE-2019-1010220\", \"CVE-2019-15166\", \"CVE-2019-15167\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 10:45:23 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-28 04:00:26 +0000 (Tue, 28 Jan 2020)\");\n script_name(\"Ubuntu: Security Advisory for tcpdump (USN-4252-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4252-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005292.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced 
via the USN-4252-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in tcpdump. A remote attacker\ncould use these issues to cause tcpdump to crash, resulting in a denial of\nservice, or possibly execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-0ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.3-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-10-12T10:41:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", 
"CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "Package : tcpdump\nVersion : 4.9.3-1~deb8u1\nCVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461\n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464\n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467\n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470\n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881\n CVE-2018-14882 CVE-2018-16227 CVE-2018-16228\n CVE-2018-16229 CVE-2018-16230 CVE-2018-16300\n CVE-2018-16451 CVE-2018-16452 CVE-2019-15166\nDebian Bug : 941698\n\nSeveral vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These security vulnerabilities\nmight result in denial of service or, potentially, execution of\narbitrary code.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n4.9.3-1~deb8u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2019-10-11T20:27:53", "published": "2019-10-11T20:27:53", "id": "DEBIAN:DLA-1955-1:22EE5", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00015.html", "title": "[SECURITY] [DLA 1955-1] tcpdump security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-22T10:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-4547-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 21, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tcpdump\nCVE ID : CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 \n CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 \n CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 \n CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166\n\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial of\nservice or, potentially, execution of arbitrary code.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 4.9.3-1~deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.9.3-1~deb10u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFor the detailed security status of tcpdump please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tcpdump\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2019-10-21T21:26:38", "published": "2019-10-21T21:26:38", "id": "DEBIAN:DSA-4547-1:D6E02", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00199.html", "title": "[SECURITY] [DSA 4547-1] tcpdump security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-11-12T03:29:52", 
"bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2018-14881"], "description": "[14:4.9.3-1]\n- Resolves: #1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs", "edition": 1, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-4760", "href": "http://linux.oracle.com/errata/ELSA-2020-4760.html", "title": "tcpdump security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-24T20:58:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14468"], "description": "[4.9.2-4.0.1.el7_7.1]\n- Fix [CVE-2018-14468] [Orabug: 30480183]", "edition": 1, "modified": "2020-04-06T00:00:00", "published": "2020-04-06T00:00:00", "id": "ELSA-2020-5662", "href": "http://linux.oracle.com/errata/ELSA-2020-5662.html", "title": "tcpdump security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2020-11-04T02:32:11", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "description": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. 
The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)\n\nSecurity Fix(es):\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10103)\n\n* tcpdump: SMB data printing mishandled (CVE-2018-10105)\n\n* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)\n\n* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)\n\n* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)\n\n* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)\n\n* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)\n\n* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)\n\n* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)\n\n* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)\n\n* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)\n\n* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)\n\n* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)\n\n* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)\n\n* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)\n\n* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)\n\n* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)\n\n* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)\n\n* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)\n\n* 
tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)\n\n* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)\n\n* tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)\n\n* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "modified": "2020-11-04T05:05:56", "published": "2020-11-03T17:33:49", "id": "RHSA-2020:4760", "href": "https://access.redhat.com/errata/RHSA-2020:4760", "type": "redhat", "title": "(RHSA-2020:4760) Moderate: tcpdump security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-17T07:29:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-20843", "CVE-2019-11068", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15165", "CVE-2019-15166", "CVE-2019-1551", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16935", "CVE-2019-18197", "CVE-2019-18609", "CVE-2019-19221", "CVE-2019-19906", "CVE-2019-19956", "CVE-2019-20218", "CVE-2019-20387", "CVE-2019-20388", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-20907", "CVE-2019-20916", "CVE-2019-5018", "CVE-2019-8625", "CVE-2019-8710", 
"CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2020-10018", "CVE-2020-10029", "CVE-2020-11793", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14019", "CVE-2020-14040", "CVE-2020-14382", "CVE-2020-14391", "CVE-2020-14422", "CVE-2020-15503", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1730", "CVE-2020-1751", "CVE-2020-1752", "CVE-2020-25660", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-6405", "CVE-2020-7595", "CVE-2020-7720", "CVE-2020-8177", "CVE-2020-8237", "CVE-2020-8492", "CVE-2020-9327", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925"], "description": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous security fixes, bug fixes, and enhancements. 
\n\nSecurity Fix(es):\n\n* nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)\n\n* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images.", "modified": "2020-12-17T10:36:03", "published": "2020-12-17T10:33:21", "id": "RHSA-2020:5605", "href": "https://access.redhat.com/errata/RHSA-2020:5605", "type": "redhat", "title": "(RHSA-2020:5605) Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2020-10-25T16:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", 
"CVE-2018-16452", "CVE-2019-15166", "CVE-2019-15167"], "description": "New libpcap and tcpdump packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libpcap-1.9.1-i586-1_slack14.2.txz: Upgraded.\n This update is required for the new version of tcpdump.\npatches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz: Upgraded.\n Fix buffer overflow/overread vulnerabilities and command line\n argument/local issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452\n 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpcap-1.9.1-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/tcpdump-4.9.3-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpcap-1.9.1-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpcap-1.9.1-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/tcpdump-4.9.3-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpcap-1.9.1-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpcap-1.9.1-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/tcpdump-4.9.3-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 
14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpcap-1.9.1-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/tcpdump-4.9.3-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.9.0-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.9.2-i586-3.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.9.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tcpdump-4.9.3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg libpcap-1.9.1-i586-1_slack14.2.txz tcpdump-4.9.3-i586-1_slack14.2.txz", "modified": "2019-10-02T06:51:41", "published": "2019-10-02T06:51:41", "id": "SSA-2019-274-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.682249", "type": "slackware", "title": "[slackware-security] tcpdump", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:42", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "Multiple security issues were discovered in tcpdump. 
A remote attacker \ncould use these issues to cause tcpdump to crash, resulting in a denial of \nservice, or possibly execute arbitrary code.", "edition": 2, "modified": "2020-01-27T00:00:00", "published": "2020-01-27T00:00:00", "id": "USN-4252-1", "href": "https://ubuntu.com/security/notices/USN-4252-1", "title": "tcpdump vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:41:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "USN-4252-1 fixed several vulnerabilities in tcpdump. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in tcpdump. 
A remote attacker \ncould use these issues to cause tcpdump to crash, resulting in a denial of \nservice, or possibly execute arbitrary code.", "edition": 2, "modified": "2020-01-27T00:00:00", "published": "2020-01-27T00:00:00", "id": "USN-4252-2", "href": "https://ubuntu.com/security/notices/USN-4252-2", "title": "tcpdump vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-10-21T02:33:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n - CVE-2018-14467: Fixed a buffer over-read in\n 
print-bgp.c:bgp_capabilities_print (bsc#1153098).\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n - CVE-2018-14879: Fixed a buffer overflow in the command-line argument\n parser (bsc#1153098).\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-21T00:11:15", "published": "2019-10-21T00:11:15", "id": "OPENSUSE-SU-2019:2344-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", "title": "Security update for tcpdump (important)", 
"type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-10-21T02:33:06", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "This update for tcpdump fixes the following issues:\n\n - CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print\n and lookup_emem (bsc#1068716 bsc#1153098).\n - CVE-2018-10103: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-10105: Fixed a mishandling of the printing of SMB data\n (bsc#1153098).\n - CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print\n (bsc#1153098).\n - CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print\n (bsc#1153098).\n - CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print\n (bsc#1153098).\n - CVE-2018-14464: Fixed a buffer over-read in\n print-lmp.c:lmp_print_data_link_subobjs (bsc#1153098).\n - CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print\n (bsc#1153098).\n - CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find\n (bsc#1153098).\n - CVE-2018-14467: Fixed a buffer over-read in\n print-bgp.c:bgp_capabilities_print (bsc#1153098).\n - CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print\n (bsc#1153098).\n - CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print\n (bsc#1153098).\n - CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2\n (bsc#1153098).\n - CVE-2018-14879: Fixed a buffer overflow 
in the command-line argument\n parser (bsc#1153098).\n - CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser\n (bsc#1153098).\n - CVE-2018-14881: Fixed a buffer over-read in the BGP parser (bsc#1153098).\n - CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser\n (bsc#1153098).\n - CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in\n print-802_11.c for the Mesh Flags subfield (bsc#1153098).\n - CVE-2018-16228: Fixed a buffer over-read in the HNCP parser\n (bsc#1153098).\n - CVE-2018-16229: Fixed a buffer over-read in the DCCP parser\n (bsc#1153098).\n - CVE-2018-16230: Fixed a buffer over-read in the BGP parser in\n print-bgp.c:bgp_attr_print (bsc#1153098).\n - CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that\n allowed denial-of-service by stack consumption (bsc#1153098).\n - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).\n - CVE-2018-16451: Fixed several buffer over-reads in\n print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN\n (bsc#1153098).\n - CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata\n (bsc#1153098).\n - CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs\n (bsc#1153098).\n - CVE-2019-15167: Fixed a vulnerability in VRRP (bsc#1153098).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-21T00:13:43", "published": "2019-10-21T00:13:43", "id": "OPENSUSE-SU-2019:2348-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", "title": "Security update for tcpdump (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-02-13T04:33:45", "bulletinFamily": "software", "cvelist": ["CVE-2018-19519", "CVE-2018-16300", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2018-14467", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14466", 
"CVE-2018-14470", "CVE-2018-14880", "CVE-2018-14882", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2018-16227", "CVE-2019-1010220", "CVE-2018-14468", "CVE-2018-16228", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nMultiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nCVEs contained in this USN include: CVE-2017-16808, CVE-2018-19519, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 621.x versions prior to 621.55\n * 456.x versions prior to 456.96\n * 315.x versions prior to 315.167\n * 250.x versions prior to 250.181\n * 170.x versions prior to 170.201\n * 97.x versions prior to 97.230\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.158.0\n * CF Deployment \n * All versions prior to v12.29.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. 
The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 621.x versions to 621.55 or greater\n * Upgrade 456.x versions to 456.96 or greater\n * Upgrade 315.x versions to 315.167 or greater\n * Upgrade 250.x versions to 250.181 or greater\n * Upgrade 170.x versions to 170.201 or greater\n * Upgrade 97.x versions to 97.230 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.158.0 or greater\n * CF Deployment \n * Upgrade all versions to v12.29.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4252-1/>)\n * [CVE-2017-16808](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808>)\n * [CVE-2018-19519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519>)\n * [CVE-2018-10103](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10103>)\n * [CVE-2018-10105](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10105>)\n * [CVE-2018-14461](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14461>)\n * [CVE-2018-14462](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14462>)\n * [CVE-2018-14463](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14463>)\n * [CVE-2018-14464](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14464>)\n * [CVE-2018-14465](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14465>)\n * [CVE-2018-14466](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14466>)\n * [CVE-2018-14467](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14467>)\n * [CVE-2018-14468](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14468>)\n * [CVE-2018-14469](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14469>)\n * [CVE-2018-14470](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14470>)\n * 
[CVE-2018-14879](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14879>)\n * [CVE-2018-14880](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14880>)\n * [CVE-2018-14881](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14881>)\n * [CVE-2018-14882](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14882>)\n * [CVE-2018-16227](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16227>)\n * [CVE-2018-16228](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16228>)\n * [CVE-2018-16229](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16229>)\n * [CVE-2018-16230](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16230>)\n * [CVE-2018-16300](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16300>)\n * [CVE-2018-16451](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16451>)\n * [CVE-2018-16452](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16452>)\n * [CVE-2019-1010220](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-1010220>)\n * [CVE-2019-15166](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15166>)\n * [CVE-2019-15167](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15167>)\n\n## History\n\n2020-01-27: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-02-12T00:00:00", "published": "2020-02-12T00:00:00", "id": "CFOUNDRY:40DA9EC9652A3858F9F7AF08C709173D", "href": "https://www.cloudfoundry.org/blog/usn-4252-1/", "title": "USN-4252-1: tcpdump vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", 
"CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. ", "modified": "2019-10-25T18:09:47", "published": "2019-10-25T18:09:47", "id": "FEDORA:2D179607011A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: tcpdump-4.9.3-1.fc29", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. 
", "modified": "2019-10-28T01:03:58", "published": "2019-10-28T01:03:58", "id": "FEDORA:24BBA6076F61", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: tcpdump-4.9.3-1.fc30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16808", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14470", "CVE-2018-14879", "CVE-2018-14880", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2018-19519", "CVE-2019-1010220", "CVE-2019-15166", "CVE-2019-15167"], "description": "Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. 
", "modified": "2019-10-30T00:58:06", "published": "2019-10-30T00:58:06", "id": "FEDORA:30E0D6049C87", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: tcpdump-4.9.3-1.fc31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:22", "bulletinFamily": "software", "cvelist": ["CVE-2018-16300", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-16229", "CVE-2018-16452", "CVE-2018-14882", "CVE-2018-16451", "CVE-2018-16227", "CVE-2018-16228", "CVE-2018-16230", "CVE-2019-15166", "CVE-2018-14881"], "description": "\nF5 Product Development has assigned ID 842829 (BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow) and ID CPF-25158 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>) | **tcpdump** \n14.x | 14.0.0 - 14.1.2 | None \n13.x | 13.1.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.5.2 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>) | **tcpdump** \nBIG-IQ Centralized Management | 7.x | 7.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>) | **tcpdump** \n6.x | 6.0.0 - 6.1.0 | None \n5.x | 5.2.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>) | **tcpdump** \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | **tcpdump** \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo avoid this vulnerability, F5 recommends that you perform **tcpdump** during troubleshooting sessions and avoid running it unattended for a long duration of time.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix and point release matrix](<https://support.f5.com/csp/article/K15113>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "modified": "2019-11-11T19:50:00", "published": "2019-11-11T19:50:00", "id": "F5:K44551633", "href": "https://support.f5.com/csp/article/K44551633", "title": "Multiple tcpdump vulnerabilities", "type": 
"f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:26", "bulletinFamily": "software", "cvelist": ["CVE-2018-14879"], "description": "\nF5 Product Development has assigned CPF-25153 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | Not applicable | Not vulnerable2 | None | None \n14.x | None | Not applicable \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable2 | None | None \nBIG-IQ Centralized Management | 7.x | None | Not applicable | Not vulnerable2 | None | None \n6.x | None | Not applicable \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable2 | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L>) | tcpdump \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. 
However, F5 identifies the vulnerability status as not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-11-08T18:25:00", "published": "2019-11-08T18:25:00", "id": "F5:K51512510", "href": "https://support.f5.com/csp/article/K51512510", "title": "tcpdump vulnerability CVE-2018-14879", "type": "f5", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-14880"], "description": "\nF5 Product Development has assigned ID 835537 (BIG-IP), ID 838361 (BIG-IQ), ID 838693 (Enterprise Manager), and ID 838681 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to 
(see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | None | Low | [1.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N>) | tcpdump \n14.x | 14.0.0 - 14.1.2 | None \n13.x | 13.1.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.5.2 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [1.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N>) | tcpdump \nBIG-IQ Centralized Management | 7.x | 7.0.0 | None | Low | [1.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N>) | tcpdump \n6.x | 6.0.0 - 6.1.0 | None \n5.x | 5.2.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [1.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N>) | tcpdump \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Low | [1.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N>) | tcpdump \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** 
column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can avoid running the tcpdump command on untrusted OSPFv3 traffic and traffic captures.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix and point release matrix](<https://support.f5.com/csp/article/K15113>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "modified": "2019-10-28T20:19:00", "published": "2019-10-28T20:19:00", "id": "F5:K56551263", "href": "https://support.f5.com/csp/article/K56551263", "title": "tcpdump vulnerability CVE-2018-14880", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-06T22:40:09", "bulletinFamily": "software", "cvelist": ["CVE-2018-14468"], 
"description": "\nF5 Product Development has assigned ID 842829 (BIG-IP), ID 845381, 845421 (BIG-IQ), and ID 843873 (Enterprise Manager) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 - 15.0.1 | Not applicable | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | tcpdump \n14.x | 14.0.0 - 14.1.2 | Not applicable \n13.x | 13.1.0 - 13.1.3 | Not applicable \n12.x | 12.1.0 - 12.1.5 | Not applicable \n11.x | 11.6.0 - 11.6.5 | Not applicable \nEnterprise Manager | 3.x | 3.1.1 | Not applicable | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | tcpdump \nBIG-IQ Centralized Management | 7.x | 7.0.0 | Not applicable | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | tcpdump \n6.x | 6.0.0 - 6.1.0 | Not applicable \n5.x | 5.2.0 - 5.4.0 | Not applicable \nF5 iWorkflow | 2.x | 2.3.0 | Not applicable | Medium | [5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | tcpdump \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | Not applicable | Medium2 | 
[5.4](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L>) | tcpdump \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the **tcpdump** utility is not installed in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nFor the Traffix SDC product, to mitigate this vulnerability, you can update the **tcpdump** package to the latest version (4.9.3 or later).\n\n**Impact of action**: Performing the recommended action should not have a negative impact on your system.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix and point release matrix](<https://support.f5.com/csp/article/K15113>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP 
APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "modified": "2019-11-05T00:11:00", "published": "2019-11-05T00:11:00", "id": "F5:K04367730", "href": "https://support.f5.com/csp/article/K04367730", "title": "FRF.16 parser vulnerability CVE-2018-14468", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2020-10-03T13:07:38", "description": "tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.", "edition": 14, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-13T21:29:00", "title": "CVE-2017-16808", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16808"], "modified": "2019-10-02T16:15:00", "cpe": ["cpe:/a:tcpdump:tcpdump:4.9.2"], "id": "CVE-2017-16808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16808", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:tcpdump:tcpdump:4.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:37", "description": "The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.", "edition": 17, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-16300", "type": "cve", "cwe": ["CWE-674"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16300"], "modified": "2019-10-11T23:15:00", "cpe": [], "id": "CVE-2018-16300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16300", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T20:25:35", "description": "The Rx parser in tcpdump before 4.9.3 has a buffer over-read in 
print-rx.c:rx_cache_find() and rx_cache_insert().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14466", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14466"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14466", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14466", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14469", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14469"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/a:f5:traffix_sdc:5.1.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14469", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14465", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14465"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/a:f5:traffix_sdc:5.1.0", "cpe:/o:debian:debian_linux:10.0", 
"cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14465", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14467", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", 
"integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14467"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14467", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14467", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14464", "type": 
"cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14464"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14464", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:37", "description": "The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-16228", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16228"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-16228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16228", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", 
"description": "The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14461", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14461"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14461", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", 
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:35", "description": "The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().", "edition": 18, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-03T16:15:00", "title": "CVE-2018-14470", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14470"], "modified": "2020-01-20T13:15:00", "cpe": ["cpe:/o:opensuse:leap:15.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:29", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:15.1", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-14470", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14470", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"]}], "apple": [{"lastseen": "2020-12-24T20:42:08", "bulletinFamily": "software", "cvelist": ["CVE-2012-2668", "CVE-2019-8852", "CVE-2019-8842", "CVE-2019-8851", "CVE-2018-16300", "CVE-2019-13057", "CVE-2018-14463", "CVE-2018-14469", "CVE-2018-10103", "CVE-2019-8834", "CVE-2018-14467", "CVE-2019-8830", "CVE-2018-10105", "CVE-2018-16229", "CVE-2019-8848", "CVE-2019-8847", "CVE-2018-16452", "CVE-2018-14466", "CVE-2019-15126", "CVE-2019-8828", "CVE-2019-8832", "CVE-2018-14470", "CVE-2018-14880", "CVE-2018-16301", "CVE-2020-9782", "CVE-2015-1545", "CVE-2012-1164", "CVE-2018-14882", "CVE-2019-8833", "CVE-2013-4449", "CVE-2017-16808", "CVE-2018-14879", "CVE-2018-16451", "CVE-2019-8853", "CVE-2018-16227", "CVE-2019-8837", "CVE-2018-14468", "CVE-2018-16228", "CVE-2019-8856", "CVE-2019-13565", "CVE-2018-14461", "CVE-2019-15903", "CVE-2018-14462", "CVE-2018-16230", "CVE-2018-14465", "CVE-2019-8839", "CVE-2019-15166", "CVE-2018-14464", "CVE-2019-15167", "CVE-2018-14881", "CVE-2019-8838"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra\n\nReleased December 10, 2019\n\n**ATS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2019-8837: Csaba Fitzl (@theevilbit)\n\nEntry updated December 18, 2019\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CallKit**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans\n\nDescription: An API issue existed in the handling of outgoing phone calls initiated with Siri. 
This issue was addressed with improved state handling.\n\nCVE-2019-8856: Fabrice TERRANCLE of TERRANCLE SARL\n\n**CFNetwork Proxies**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-8848: Zhuo Liang of Qihoo 360 Vulcan Team\n\nEntry updated December 18, 2019\n\n**CFNetwork**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list\n\nDescription: A configuration issue was addressed with additional restrictions.\n\nCVE-2019-8834: Rob Sayre (@sayrer)\n\nEntry added February 3, 2020\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: In certain configurations, a remote attacker may be able to submit arbitrary print jobs\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8842: Niky1235 of China Mobile\n\nEntry updated December 18, 2019\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2019-8839: Stephan Zeisberg of Security Research Labs\n\nEntry updated December 18, 2019\n\n**FaceTime**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Processing malicious video via FaceTime may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2019-8830: Natalie Silvanovich of Google Project Zero\n\nEntry updated December 18, 2019\n\n**IOGraphics**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 
10.13.6, macOS Catalina 10.15\n\nImpact: A Mac may not lock immediately upon wake\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2019-8851: Vladik Khononov of DoiT International\n\nEntry added February 3, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2019-8833: Ian Beer of Google Project Zero\n\nEntry updated December 18, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8828: Cim Stordal of Cognite\n\nCVE-2019-8838: Dr Silvio Cesare of InfoSect\n\nCVE-2019-8847: Apple\n\nCVE-2019-8852: pattern-f (@pattern_F_) of WaCai\n\n**libexpat**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Parsing a maliciously crafted XML file may lead to disclosure of user information\n\nDescription: This issue was addressed by updating to expat version 2.2.8.\n\nCVE-2019-15903: Joonun Jang\n\nEntry updated December 18, 2019\n\n**Notes**\n\nAvailable for: macOS Catalina 10.15\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-9782: Allison Husain of UC Berkeley\n\nEntry added April 4, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in OpenLDAP\n\nDescription: Multiple issues were addressed by updating to OpenLDAP version 
2.4.28.\n\nCVE-2012-1164\n\nCVE-2012-2668\n\nCVE-2013-4449\n\nCVE-2015-1545\n\nCVE-2019-13057\n\nCVE-2019-13565\n\nEntry updated February 3, 2020\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-8832: Insu Yun of SSLab at Georgia Tech\n\n**tcpdump**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1\n\nCVE-2017-16808\n\nCVE-2018-10103\n\nCVE-2018-10105\n\nCVE-2018-14461\n\nCVE-2018-14462\n\nCVE-2018-14463\n\nCVE-2018-14464\n\nCVE-2018-14465\n\nCVE-2018-14466\n\nCVE-2018-14467\n\nCVE-2018-14468\n\nCVE-2018-14469\n\nCVE-2018-14470\n\nCVE-2018-14879\n\nCVE-2018-14880\n\nCVE-2018-14881\n\nCVE-2018-14882\n\nCVE-2018-16227\n\nCVE-2018-16228\n\nCVE-2018-16229\n\nCVE-2018-16230\n\nCVE-2018-16300\n\nCVE-2018-16301\n\nCVE-2018-16451\n\nCVE-2018-16452\n\nCVE-2019-15166\n\nCVE-2019-15167\n\nEntry updated February 11, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An attacker in Wi-Fi range may be able to view a small amount of network traffic\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2019-15126: Milos Cermak at ESET\n\nEntry added February 27, 2020\n\n\n\n## Additional recognition\n\n**Accounts**\n\nWe would like to acknowledge Allison Husain of UC Berkeley, Kishan Bagaria (KishanBagaria.com), Tom Snelling of Loughborough University for their assistance.\n\nEntry updated April 4, 2020\n\n**Core Data**\n\nWe would like to acknowledge Natalie Silvanovich of Google Project Zero for their assistance.\n\n**Finder**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.\n\nEntry added December 18, 2019\n\n**Kernel**\n\nWe would like to acknowledge Daniel Roethlisberger of Swisscom CSIRT for their assistance.\n\nEntry added December 18, 2019\n", "edition": 4, "modified": "2020-11-12T07:38:35", "published": "2020-11-12T07:38:35", "id": "APPLE:HT210788", "href": "https://support.apple.com/kb/HT210788", "title": "About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2020-02-13T21:59:20", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2018-14879"], "description": "The release of tcpdump 4.9.3 brought many bug fixes, including one I submitted, CVE-2018-14879.\n\n`The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().`\n\n```\n==2288==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe363769bf at pc 0x56336d544e69 bp 0x7ffe36376260 sp 0x7ffe36376258\nREAD of size 1 at 0x7ffe363769bf thread T0\n #0 0x56336d544e68 in get_next_file tcpdump.c:853\n #1 0x56336d53ab63 in main tcpdump.c:1956\n #2 0x7f83cae7c2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)\n #3 0x56336d543169 in _start (/root/tcpdump/tcpdump+0x16d169)\n\nAddress 0x7ffe363769bf is located in stack of thread T0 at offset 
1727 in frame\n #0 0x56336d53828f in main tcpdump.c:1411\n\n This frame has 15 object(s):\n [32, 36) 'localnet'\n [96, 100) 'netmask'\n [160, 168) 'endp'\n [224, 232) 'end'\n [288, 296) 'devlist'\n [352, 360) 'end'\n [416, 424) 'dlts'\n [480, 496) 'fcode'\n [544, 576) 'timer'\n [608, 648) 'dumpinfo'\n [704, 848) 'buf'\n [896, 1096) 'Ndo'\n [1152, 1408) 'ebuf'\n [1440, 1696) 'ebuf'\n [1728, 5825) 'VFileLine' <== Memory access at offset 1727 underflows this variable\nHINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext\n (longjmp and C++ exceptions *are* supported)\nSUMMARY: AddressSanitizer: stack-buffer-overflow tcpdump.c:853 in get_next_file\n```\n\nReported: 2018 May 14 (via email to security@tcpdump.org)\nFix Released: 2018 September 30\nCVE: https://nvd.nist.gov/vuln/detail/CVE-2018-14879\nCredit: https://www.tcpdump.org/public-cve-list.txt\n\n```\nCVSS v3.1 Severity and Metrics:\nBase Score: 9.8 CRITICAL\nVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3.1 legend)\nImpact Score: 5.9\nExploitability Score: 3.9 \n```\n\n## Impact\n\nStack buffer overflow can be caused deliberately as part of an attack known as stack smashing. If the affected program is running with special privileges, or accepts data from untrusted network hosts (e.g. a webserver) then the bug is a potential security vulnerability. If the stack buffer is filled with data supplied from an untrusted user then that user can corrupt the stack in such a way as to inject executable code into the running program and take control of the process. 
This is one of the oldest and more reliable methods for attackers to gain unauthorized access to a computer.", "modified": "2020-02-13T21:26:24", "published": "2019-10-28T21:38:23", "id": "H1:724217", "href": "https://hackerone.com/reports/724217", "type": "hackerone", "title": "Data Processing (IBB): tcpdump: CVE-2018-14879 - buffer overflow in tcpdump.c:get_next_file()", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-13T21:59:20", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2018-16229"], "description": "Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). This vulnerability was disclosed to the tcpdump maintainers and was fixed in version 4.9.3 and disclosed as CVE-2018-16229.\n\nI was credited with finding and disclosing this vulnerability: https://www.tcpdump.org/public-cve-list.txt\n\n```\nCVE-2018-16229,tcpdump,dccp_options-oobr.pcap,\"Ryan Ackroyd\",2018/05/26,Y,211124b972e74f0da66bc8b16f181f78793e2f66,4.9.3,,\n```\n\nThis vulnerability was discovered in version 4.9.2 after compiling tcpdump with Address Sanitizer (ASAN) and fuzzing tcpdump with mutated packets. 
This vulnerability can be remotely exploited over the network by an attacker with no interaction needed from the victim.\n\nI have attached test-case \"fuzzer06:id:000018,sig:11,src:007353,op:havoc,rep:16\" as a Proof of Concept to this report.\n\nThis vulnerability can be triggered using the following command:\n\n```\ntcpdump -e -vvvv -H -u -nn -r fuzzer06:id:000018,sig:11,src:007353,op:havoc,rep:16\n```\n \nThe above command shows the following output from ASAN which notes this vulnerability as being a \"heap-buffer-overflow\":\n\n```\nreading from file fuzzer06:id:000018,sig:11,src:007353,op:havoc,rep:16, link-type EN10MB (Ethernet)\n17:59:25.816632 00:07:e9:bd:5d:1f > 00:14:22:59:55:51, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 65312, offset 0, flags [DF], proto DCCP (33), length 52)\n 139.133.209.176.39420 > 139.133.209.65.5001: DCCP (CCVal 0, CsCov 0, cksum 0xaaf3 (incorrect -> 0x8bf3)) DCCP-Request (service=-189888898) seq 8 <nop, nop, nop, nop, change_l ack_ratio 2, change_r ccid 2, change_l ccid 2>\n15:27:00.817006 00:14:22:59:55:51 > 00:07:e9:bd:5d:1f, ethertype IPv4 (0x0800), length 82: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto DCCP (33), length 68)\n 139.133.209.65.5001 > 139.133.209.176.39420: DCCP (CCVal 0, CsCov 0, ) DCCP-Response (service=0) (ack=38464816766) seq 1960341146 <nop, nop, change_l ack_ratio 2, [|dccp]>\n15:27:00.817125 00:07:e9:bd:00:1f > 00:14:22:59:55:51, ethertype IPv4 (0x0800), length 32582: (tos 0x0, ttl 64, id 65313, offset 0, flags [DF], proto DCCP (33), length 56)\n=================================================================\n==5790==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4a01bf4 at pc 0x080fd4b6 bp 0xfff8c088 sp 0xfff8c078\nREAD of size 4 at 0xf4a01bf4 thread T0\n #0 0x80fd4b5 in EXTRACT_32BITS extract.h:190\n #1 0x80fd4b5 in dccp_print_option print-dccp.c:633\n #2 0x80fd4b5 in dccp_print print-dccp.c:496\n #3 0x816e21a in ip_print_demux print-ip.c:391\n #4 0x816e21a in 
ip_print print-ip.c:673\n #5 0x8124f70 in ethertype_print print-ether.c:333\n #6 0x8126065 in ether_print print-ether.c:236\n #7 0x80844b4 in pretty_print_packet print.c:332\n #8 0x8065ce8 in print_packet tcpdump.c:2497\n #9 0x83fcb6a in pcap_offline_read savefile.c:527\n #10 0x8346bfe in pcap_loop pcap.c:890\n #11 0x805afb8 in main tcpdump.c:2000\n #12 0xf6fda636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #13 0x806226a (/home/user/targets/builds33/tcpdump-4.9.2/tcpdump+0x806226a)\n\n0xf4a01bf6 is located 0 bytes to the right of 70-byte region [0xf4a01bb0,0xf4a01bf6)\nallocated by thread T0 here:\n #0 0xf720edee in malloc (/usr/lib32/libasan.so.2+0x96dee)\n #1 0x8400752 in pcap_check_header sf-pcap.c:401\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow extract.h:190 EXTRACT_32BITS\nShadow bytes around the buggy address:\n 0x3e940320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n=>0x3e940370: fa fa fa fa fa fa 00 00 00 00 00 00 00 00[06]fa\n 0x3e940380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9403a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9403b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9403c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Heap right redzone: fb\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n 
Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n==5790==ABORTING\n```\n\nMore information about this vulnerability can be found in the following locations:\n\nNVD: https://nvd.nist.gov/vuln/detail/CVE-2018-16229\nCVE: https://www.cvedetails.com/cve/CVE-2018-16229/\nMITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229\n\n## Impact\n\nThis vulnerability leads to significant information disclosure and allows an attacker to remotely modify system files. An attacker is easily able to exploit this vulnerability remotely across a network without interaction from the victim. \n\n CVSS v3.1 Severity and Metrics:\n\nBase Score: 9.8 CRITICAL\nVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3.1 legend)\nImpact Score: 5.9\nExploitability Score: 3.9\n\nAttack Vector (AV): Network\nAttack Complexity (AC): Low\nPrivileges Required (PR): None\nUser Interaction (UI): None\nScope (S): Unchanged\nConfidentiality (C): High\nIntegrity (I): High\nAvailability (A): High", "modified": "2020-02-13T21:28:05", "published": "2019-10-28T23:36:59", "id": "H1:724253", "href": "https://hackerone.com/reports/724253", "type": "hackerone", "title": "Data Processing (IBB): Tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option() (CVE-2018-16229)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-13T21:59:20", "bulletinFamily": "bugbounty", "bounty": 500.0, "cvelist": ["CVE-2018-16227"], "description": "Versions of tcpdump before 4.9.3 are vulnerable to a buffer over-read in print-802_11.c. 
This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.3 and disclosed as (CVE-2018-16227).\n\nI was credited with finding and disclosing this vulnerability: https://www.tcpdump.org/public-cve-list.txt\n```\nCVE-2018-16227,tcpdump,ieee802.11_meshhdr-oobr.pcap,\"Ryan Ackroyd\",2018/05/26,Y,4846b3c5d0a850e860baf4f07340495d29837d09,4.9.3,,\n```\nThis vulnerability was found and tested on tcpdump 4.9.2 after compiling tcpdump with Address Sanitizer (ASAN) support and fuzzing tcpdump with mutated packets. I have attached a working test-case as a Proof of Concept to this report named \"fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2\". \n\nThis vulnerability can be triggered using the following command: \n\n```\ntcpdump -e -vvvv -H -u -nn -r fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2\n```\n\nThe above command produces the following output; ASAN marks this as a \"heap-buffer-overflow\":\n\n```\nreading from file fuzzer06:id:000021,sig:11,src:008627,op:havoc,rep:2, link-type IEEE802_11_RADIO (802.11 plus radiotap header)\n12:05:07.276297 15738588889088us tsft 4096 MHz 11n 19dBm signal antenna 20 52.0 Mb/s MCS 25 20 MHz long GI LDPC FEC More Data 44us BSSID:20:7c:8f:50:3f:3a DA:68:a3:c4:03:46:da SA:20:7c:8f:50:3f:3a ReAssoc Request[|802.11]\n=================================================================\n==5793==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4a01801 at pc 0x08090ae9 bp 0xffc10aa8 sp 0xffc10a98\nREAD of size 1 at 0xf4a01801 thread T0\n #0 0x8090ae8 in ctrl_body_print print-802_11.c:1676\n #1 0x8090ae8 in ieee802_11_print print-802_11.c:2092\n #2 0x809297b in ieee802_11_radio_print print-802_11.c:3257\n #3 0x809297b in ieee802_11_radio_if_print print-802_11.c:3352\n #4 0x80844b4 in pretty_print_packet print.c:332\n #5 0x8065ce8 in print_packet tcpdump.c:2497\n #6 0x83fcb6a in pcap_offline_read savefile.c:527\n #7 0x8346bfe in pcap_loop pcap.c:890\n #8 0x805afb8 in main tcpdump.c:2000\n 
#9 0xf700a636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)\n #10 0x806226a (/home/user/targets/builds33/tcpdump-4.9.2/tcpdump+0x806226a)\n\n0xf4a01801 is located 1 bytes to the right of 64-byte region [0xf4a017c0,0xf4a01800)\nallocated by thread T0 here:\n #0 0xf723edee in malloc (/usr/lib32/libasan.so.2+0x96dee)\n #1 0x8400752 in pcap_check_header sf-pcap.c:401\n\nSUMMARY: AddressSanitizer: heap-buffer-overflow print-802_11.c:1676 ctrl_body_print\nShadow bytes around the buggy address:\n 0x3e9402b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e9402e0: fa fa fa fa fa fa fa fa fa fa fa fa fd fd fd fd\n 0x3e9402f0: fd fd fd fd fa fa fa fa 00 00 00 00 00 00 00 00\n=>0x3e940300:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940310: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940320: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940330: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940340: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n 0x3e940350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\nShadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07 \n Heap left redzone: fa\n Heap right redzone: fb\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n==5793==ABORTING\n```\n\nMore information about this vulnerability can be found in the following locations: \n\nNVD: https://nvd.nist.gov/vuln/detail/CVE-2018-16227\nCVE details: https://www.cvedetails.com/cve/CVE-2018-16227/\n\n## Impact\n\nThis vulnerability can lead to significant 
information disclosure and allow an attacker to modify system files remotely, across a network with no interaction from the victim.\n\nCVSS v3.1 Severity and Metrics:\n\nBase Score: 9.8 CRITICAL\nVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3.1 legend)\nImpact Score: 5.9\nExploitability Score: 3.9\n\nAttack Vector (AV): Network\nAttack Complexity (AC): Low\nPrivileges Required (PR): None\nUser Interaction (UI): None\nScope (S): Unchanged\nConfidentiality (C): High\nIntegrity (I): High\nAvailability (A): High", "modified": "2020-02-13T21:27:26", "published": "2019-10-28T23:03:20", "id": "H1:724243", "href": "https://hackerone.com/reports/724243", "type": "hackerone", "title": "Data Processing (IBB): Tcpdump before 4.9.3 has a buffer over-read in print-802_11.c (CVE-2018-16227)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}