#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2017-1761:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block: runs only when the scanner loads the plugin with
# `description` set. It records the plugin's metadata and leaves through the
# exit(0) at the end of the block, so the package checks further down are not
# executed in this mode.
if (description)
{
script_id(289256);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
# The 45 CVE identifiers attached to this advisory (4 from 2015, 30 from 2016,
# 11 from 2017). Each of them has an entry in the "description" text below.
script_cve_id(
"CVE-2015-0261",
"CVE-2015-2153",
"CVE-2015-2154",
"CVE-2015-2155",
"CVE-2016-7922",
"CVE-2016-7923",
"CVE-2016-7924",
"CVE-2016-7925",
"CVE-2016-7926",
"CVE-2016-7927",
"CVE-2016-7928",
"CVE-2016-7929",
"CVE-2016-7930",
"CVE-2016-7931",
"CVE-2016-7932",
"CVE-2016-7933",
"CVE-2016-7934",
"CVE-2016-7935",
"CVE-2016-7936",
"CVE-2016-7937",
"CVE-2016-7938",
"CVE-2016-7939",
"CVE-2016-7940",
"CVE-2016-7973",
"CVE-2016-7974",
"CVE-2016-7975",
"CVE-2016-7983",
"CVE-2016-7984",
"CVE-2016-7985",
"CVE-2016-7986",
"CVE-2016-7992",
"CVE-2016-7993",
"CVE-2016-8574",
"CVE-2016-8575",
"CVE-2017-5202",
"CVE-2017-5203",
"CVE-2017-5204",
"CVE-2017-5205",
"CVE-2017-5341",
"CVE-2017-5342",
"CVE-2017-5482",
"CVE-2017-5483",
"CVE-2017-5484",
"CVE-2017-5485",
"CVE-2017-5486"
);
script_name(english:"MiracleLinux 7 : tcpdump-4.9.0-5.el7 (AXSA:2017-1761:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
# Advisory text. The string is what the plugin reports, so it is kept exactly
# as written. Its closing note is the caveat that matters for triage: the
# finding is derived from the installed package's self-reported version, not
# from testing any of the listed parser bugs.
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2017-1761:01 advisory.
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.
Install tcpdump if you need a program to monitor network traffic.
CVE-2015-0261
Integer signedness error in the mobility_opt_print function in the
IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers
to cause a denial of service (out-of-bounds read and crash) or
possibly execute arbitrary code via a negative length value.
CVE-2015-2153
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer
in tcpdump before 4.7.2 allows remote attackers to cause a denial of
service (out-of-bounds read or write and crash) via a crafted header
length in an RPKI-RTR Protocol Data Unit (PDU).
CVE-2015-2154
The osi_print_cksum function in print-isoclns.c in the ethernet
printer in tcpdump before 4.7.2 allows remote attackers to cause a
denial of service (out-of-bounds read and crash) via a crafted (1)
length, (2) offset, or (3) base pointer checksum value.
CVE-2015-2155
The force printer in tcpdump before 4.7.2 allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via unspecified vectors.
CVE-2016-7922
The AH parser in tcpdump before 4.9.0 has a buffer overflow in
print-ah.c:ah_print().
CVE-2016-7923
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in
print-arp.c:arp_print().
CVE-2016-7924
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
print-atm.c:oam_print().
CVE-2016-7925
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer
overflow in print-sl.c:sl_if_print().
CVE-2016-7926
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in
print-ether.c:ethertype_print().
CVE-2016-7927
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in
print-802_11.c:ieee802_11_radio_print().
CVE-2016-7928
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in
print-ipcomp.c:ipcomp_print().
CVE-2016-7929
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer
overflow in print-juniper.c:juniper_parse_header().
CVE-2016-7930
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in
print-llc.c:llc_print().
CVE-2016-7931
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in
print-mpls.c:mpls_print().
CVE-2016-7932
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in
print-pim.c:pimv2_check_checksum().
CVE-2016-7933
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in
print-ppp.c:ppp_hdlc_if_print().
CVE-2016-7934
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:rtcp_print().
CVE-2016-7935
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:rtp_print().
CVE-2016-7936
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:udp_print().
CVE-2016-7937
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in
print-udp.c:vat_print().
CVE-2016-7938
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in
print-zeromq.c:zmtp1_print_frame().
CVE-2016-7939
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in
print-gre.c, multiple functions.
CVE-2016-7940
The STP parser in tcpdump before 4.9.0 has a buffer overflow in
print-stp.c, multiple functions.
CVE-2016-7973
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in
print-atalk.c, multiple functions.
CVE-2016-7974
The IP parser in tcpdump before 4.9.0 has a buffer overflow in
print-ip.c, multiple functions.
CVE-2016-7975
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in
print-tcp.c:tcp_print().
CVE-2016-7983
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-bootp.c:bootp_print().
CVE-2016-7984
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-tftp.c:tftp_print().
CVE-2016-7985
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in
print-calm-fast.c:calm_fast_print().
CVE-2016-7986
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow
in print-geonet.c, multiple functions.
CVE-2016-7992
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer
overflow in print-cip.c:cip_if_print().
CVE-2016-7993
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause
a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
CVE-2016-8574
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:frf15_print().
CVE-2016-8575
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
CVE-2017-5202
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
print-isoclns.c:clnp_print().
CVE-2017-5203
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in
print-bootp.c:bootp_print().
CVE-2017-5204
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in
print-ip6.c:ip6_print().
CVE-2017-5205
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in
print-isakmp.c:ikev2_e_print().
CVE-2017-5341
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in
print-otv.c:otv_print().
CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve,
GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
CVE-2017-5482
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in
print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
CVE-2017-5483
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in
print-snmp.c:asn1_parse().
CVE-2017-5484
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in
print-atm.c:sig_print().
CVE-2017-5485
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
addrtoname.c:lookup_nsap().
CVE-2017-5486
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in
print-isoclns.c:clnp_print().
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/8194");
script_set_attribute(attribute:"solution", value:
"Update the affected tcpdump package.");
# Scoring metadata. The plugin carries one CVSS v2 and one CVSS v3 vector for
# all 45 CVEs; "cvss_score_source" names CVE-2017-5486 as their origin. The v3
# vector is network-reachable with no privileges or user interaction and high
# C/I/A impact, while "vendor_severity" records the vendor's rating of
# "Moderate".
# NOTE(review): real exposure depends on whether tcpdump is run against
# untrusted traffic on the host; nothing in this plugin checks that.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5486");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
# Timeline: earliest vulnerability disclosure, vendor patch, and plugin release.
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/09");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
# "local" plugin type: the check works from host data already stored in the
# knowledge base (see the required keys below), not from network probing.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tcpdump");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling prerequisites: ssh_get_info.nasl must run first, and the listed
# KB keys (local checks flag, release, RPM list, CPU) must be present.
# NOTE(review): the check code also reads 'installed_os/local/SSH/0/*' keys
# that are not listed here; it handles their absence with audit() calls.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
# End of registration; nothing below this block runs in description mode.
exit(0);
}
include('rpm2.inc');
# Pre-flight gates. Every audit() call is expected to end the plugin with the
# given audit reason, so the order of the gates decides which reason is
# reported when more than one condition fails.

# Gate 1: credentialed (local) checks must have been enabled.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the detected OS product string must contain 'MIRACLE LINUX'.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product)
{
  audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
}

# Gate 3: the OS version must be known and must be major version 7. The
# pattern accepts "7" alone or "7" followed by a non-digit, so a value such
# as "70" is not mistaken for release 7.
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
}
if (! preg(pattern:"^7([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
}

# Gate 4: the installed-RPM list must have been collected; without it there
# is nothing to compare against.
if (!get_kb_item('Host/MiracleLinux/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: the CPU architecture must be known and be one of the families the
# local checks cover.
# NOTE(review): several architectures pass this gate, but the only package
# constraint later in this file is tagged 'x86_64'; on the other
# architectures the plugin presumably ends in a not-affected/not-installed
# audit rather than a finding - confirm against rpm_check().
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!('aarch64' >< cpu ||
      'ppc' >< cpu ||
      's390' >< cpu ||
      'x86_64' >< cpu ||
      cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
}
# Package table for this advisory. Each entry names an OS release and the
# package builds to compare against; every field of a package entry is handed
# to rpm_check() by the loop that consumes this table.
#   reference         - package build named by the advisory
#   cpu               - architecture the entry applies to (x86_64 only here)
#   rpm_spec_vers_cmp - forwarded flag selecting the version comparison mode
#   epoch             - RPM epoch of the reference build
var constraints = [
  {
    'release': '7',
    'pkgs': [
      {
        'reference': 'tcpdump-4.9.0-5.el7',
        'cpu': 'x86_64',
        'rpm_spec_vers_cmp': TRUE,
        'epoch': '0'
      }
    ]
  }
];
# Host facts used to decide which constraint entries apply.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Number of package entries for which rpm_check() returned true.
var flag = 0;

# Per-package scratch variables; each is reset to NULL before it is filled
# from the current package entry, so no value leaks from one entry to the next.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

foreach var constraint ( constraints )
{
  # Skip entries written for a different OS release or minor release. An
  # entry that leaves 'release' or 'sp' empty applies regardless of that value.
  # NOTE(review): if os_release is missing or not exactly equal to the
  # entry's 'release' string, every entry is skipped and the plugin reports
  # the package as not affected or not installed - confirm the KB value format.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] )
  {
    # Copy each optional field, leaving it NULL when the entry omits it.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];

    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];

    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];

    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];

    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];

    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];

    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];

    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];

    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # An entry without a reference build cannot be compared.
    if (!reference) continue;

    # When the entry names a companion RPM, only compare if that RPM exists.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    # The finding rests entirely on this package-version comparison.
    if (rpm_check(sp:sp,
                  cpu:_cpu,
                  reference:reference,
                  epoch:epoch,
                  el_string:el_string,
                  rpm_spec_vers_cmp:rpm_spec_vers_cmp,
                  allowmaj:allowmaj,
                  cves:cves))
    {
      flag++;
    }
  }
}
# Outcome. With no flagged package the plugin ends with an audit reason:
# "not affected" when at least one package test was recorded, otherwise
# "not installed". With a flagged package it reports on port 0 at
# SECURITY_HOLE severity, attaching the text collected by rpm_report_get().
# The result reflects the installed package version only; no vulnerable
# code path is exercised.
if (!flag)
{
  var tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');
  }
}
else
{
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
  exit(0);
}