This update for tcpdump and libpcap fixes critical security issues including multiple buffer overflows, and updates tcpdump to version 4.9.0 and libpcap to version 1.8.
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Oracle linux | tcpdump security, bug fix, and enhancement update | 7 Aug 201700:00 | – | oraclelinux |
Tenable Nessus | EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2017-1180) | 8 Sep 201700:00 | – | nessus |
Tenable Nessus | Oracle Linux 7 : tcpdump (ELSA-2017-1871) | 9 Aug 201700:00 | – | nessus |
Tenable Nessus | CentOS 7 : tcpdump (CESA-2017:1871) | 25 Aug 201700:00 | – | nessus |
Tenable Nessus | RHEL 7 : tcpdump (RHSA-2017:1871) | 3 Aug 201700:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20170801) | 22 Aug 201700:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP1 : tcpdump (EulerOS-SA-2017-1179) | 8 Sep 201700:00 | – | nessus |
Tenable Nessus | Ubuntu 14.04 LTS / 16.04 LTS : tcpdump vulnerabilities (USN-3205-1) | 22 Feb 201700:00 | – | nessus |
Tenable Nessus | Debian DLA-809-1 : tcpdump security update | 31 Jan 201700:00 | – | nessus |
Tenable Nessus | Debian DSA-3775-1 : tcpdump - security update | 30 Jan 201700:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-557.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100040);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-8767", "CVE-2014-8768", "CVE-2014-8769", "CVE-2015-0261", "CVE-2015-2153", "CVE-2015-2154", "CVE-2015-2155", "CVE-2015-3138", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486");
script_name(english:"openSUSE Security Update : tcpdump / libpcap (openSUSE-2017-557)");
script_summary(english:"Check for the openSUSE-2017-557 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1
fixes the several issues.
These security issues were fixed in tcpdump :
- CVE-2016-7922: The AH parser in tcpdump had a buffer
overflow in print-ah.c:ah_print() (bsc#1020940).
- CVE-2016-7923: The ARP parser in tcpdump had a buffer
overflow in print-arp.c:arp_print() (bsc#1020940).
- CVE-2016-7924: The ATM parser in tcpdump had a buffer
overflow in print-atm.c:oam_print() (bsc#1020940).
- CVE-2016-7925: The compressed SLIP parser in tcpdump had
a buffer overflow in print-sl.c:sl_if_print()
(bsc#1020940).
- CVE-2016-7926: The Ethernet parser in tcpdump had a
buffer overflow in print-ether.c:ethertype_print()
(bsc#1020940).
- CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a
buffer overflow in
print-802_11.c:ieee802_11_radio_print() (bsc#1020940).
- CVE-2016-7928: The IPComp parser in tcpdump had a buffer
overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940).
- CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump
had a buffer overflow in
print-juniper.c:juniper_parse_header() (bsc#1020940).
- CVE-2016-7930: The LLC/SNAP parser in tcpdump had a
buffer overflow in print-llc.c:llc_print()
(bsc#1020940).
- CVE-2016-7931: The MPLS parser in tcpdump had a buffer
overflow in print-mpls.c:mpls_print() (bsc#1020940).
- CVE-2016-7932: The PIM parser in tcpdump had a buffer
overflow in print-pim.c:pimv2_check_checksum()
(bsc#1020940).
- CVE-2016-7933: The PPP parser in tcpdump had a buffer
overflow in print-ppp.c:ppp_hdlc_if_print()
(bsc#1020940).
- CVE-2016-7934: The RTCP parser in tcpdump had a buffer
overflow in print-udp.c:rtcp_print() (bsc#1020940).
- CVE-2016-7935: The RTP parser in tcpdump had a buffer
overflow in print-udp.c:rtp_print() (bsc#1020940).
- CVE-2016-7936: The UDP parser in tcpdump had a buffer
overflow in print-udp.c:udp_print() (bsc#1020940).
- CVE-2016-7937: The VAT parser in tcpdump had a buffer
overflow in print-udp.c:vat_print() (bsc#1020940).
- CVE-2016-7938: The ZeroMQ parser in tcpdump had an
integer overflow in print-zeromq.c:zmtp1_print_frame()
(bsc#1020940).
- CVE-2016-7939: The GRE parser in tcpdump had a buffer
overflow in print-gre.c, multiple functions
(bsc#1020940).
- CVE-2016-7940: The STP parser in tcpdump had a buffer
overflow in print-stp.c, multiple functions
(bsc#1020940).
- CVE-2016-7973: The AppleTalk parser in tcpdump had a
buffer overflow in print-atalk.c, multiple functions
(bsc#1020940).
- CVE-2016-7974: The IP parser in tcpdump had a buffer
overflow in print-ip.c, multiple functions
(bsc#1020940).
- CVE-2016-7975: The TCP parser in tcpdump had a buffer
overflow in print-tcp.c:tcp_print() (bsc#1020940).
- CVE-2016-7983: The BOOTP parser in tcpdump had a buffer
overflow in print-bootp.c:bootp_print() (bsc#1020940).
- CVE-2016-7984: The TFTP parser in tcpdump had a buffer
overflow in print-tftp.c:tftp_print() (bsc#1020940).
- CVE-2016-7985: The CALM FAST parser in tcpdump had a
buffer overflow in print-calm-fast.c:calm_fast_print()
(bsc#1020940).
- CVE-2016-7986: The GeoNetworking parser in tcpdump had a
buffer overflow in print-geonet.c, multiple functions
(bsc#1020940).
- CVE-2016-7992: The Classical IP over ATM parser in
tcpdump had a buffer overflow in
print-cip.c:cip_if_print() (bsc#1020940).
- CVE-2016-7993: A bug in util-print.c:relts_print() in
tcpdump could cause a buffer overflow in multiple
protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight
resolver protocol, PIM) (bsc#1020940).
- CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer
overflow in print-fr.c:frf15_print() (bsc#1020940).
- CVE-2016-8575: The Q.933 parser in tcpdump had a buffer
overflow in print-fr.c:q933_print(), a different
vulnerability than CVE-2017-5482 (bsc#1020940).
- CVE-2017-5202: The ISO CLNS parser in tcpdump had a
buffer overflow in print-isoclns.c:clnp_print()
(bsc#1020940).
- CVE-2017-5203: The BOOTP parser in tcpdump had a buffer
overflow in print-bootp.c:bootp_print() (bsc#1020940).
- CVE-2017-5204: The IPv6 parser in tcpdump had a buffer
overflow in print-ip6.c:ip6_print() (bsc#1020940).
- CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer
overflow in print-isakmp.c:ikev2_e_print()
(bsc#1020940).
- CVE-2017-5341: The OTV parser in tcpdump had a buffer
overflow in print-otv.c:otv_print() (bsc#1020940).
- CVE-2017-5342: In tcpdump a bug in multiple protocol
parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE)
could cause a buffer overflow in
print-ether.c:ether_print() (bsc#1020940).
- CVE-2017-5482: The Q.933 parser in tcpdump had a buffer
overflow in print-fr.c:q933_print(), a different
vulnerability than CVE-2016-8575 (bsc#1020940).
- CVE-2017-5483: The SNMP parser in tcpdump had a buffer
overflow in print-snmp.c:asn1_parse() (bsc#1020940).
- CVE-2017-5484: The ATM parser in tcpdump had a buffer
overflow in print-atm.c:sig_print() (bsc#1020940).
- CVE-2017-5485: The ISO CLNS parser in tcpdump had a
buffer overflow in addrtoname.c:lookup_nsap()
(bsc#1020940).
- CVE-2017-5486: The ISO CLNS parser in tcpdump had a
buffer overflow in print-isoclns.c:clnp_print()
(bsc#1020940).
- CVE-2015-3138: Fixed potential denial of service in
print-wb.c (bsc#927637).
- CVE-2015-0261: Integer signedness error in the
mobility_opt_print function in the IPv6 mobility printer
in tcpdump allowed remote attackers to cause a denial of
service (out-of-bounds read and crash) or possibly
execute arbitrary code via a negative length value
(bsc#922220).
- CVE-2015-2153: The rpki_rtr_pdu_print function in
print-rpki-rtr.c in the TCP printer in tcpdump allowed
remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via a crafted
header length in an RPKI-RTR Protocol Data Unit (PDU)
(bsc#922221).
- CVE-2015-2154: The osi_print_cksum function in
print-isoclns.c in the ethernet printer in tcpdump
allowed remote attackers to cause a denial of service
(out-of-bounds read and crash) via a crafted (1) length,
(2) offset, or (3) base pointer checksum value
(bsc#922222).
- CVE-2015-2155: The force printer in tcpdump allowed
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via unspecified
vectors (bsc#922223).
- CVE-2014-8767: Integer underflow in the olsr_print
function in tcpdump 3.9.6 when in verbose mode, allowed
remote attackers to cause a denial of service (crash)
via a crafted length value in an OLSR frame
(bsc#905870).
- CVE-2014-8768: Multiple Integer underflows in the
geonet_print function in tcpdump when run in verbose
mode, allowed remote attackers to cause a denial of
service (segmentation fault and crash) via a crafted
length value in a Geonet frame (bsc#905871).
- CVE-2014-8769: tcpdump might have allowed remote
attackers to obtain sensitive information from memory or
cause a denial of service (packet loss or segmentation
fault) via a crafted Ad hoc On-Demand Distance Vector
(AODV) packet, which triggers an out-of-bounds memory
access (bsc#905872).
These non-security issues were fixed in tcpdump :
- PPKI to Router Protocol: Fix Segmentation Faults and
other problems
- RPKI to Router Protocol: print strings with fn_printn()
- Added a short option '#', same as long option '--number'
- nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4,
RPL, DHCPv6 enhancements/fixes
- M3UA decode added.
- Added bittok2str().
- A number of unaligned access faults fixed
- The -A flag does not consider CR to be printable anymore
- fx.lebail took over coverity baby sitting
- Default snapshot size increased to 256K for accomodate
USB captures
These non-security issues were fixed in libpcap :
- Provide a -devel-static subpackage that contains the
static libraries and all the extra dependencies which
are not needed for dynamic linking.
- Fix handling of packet count in the TPACKET_V3 inner
loop
- Filter out duplicate looped back CAN frames.
- Fix the handling of loopback filters for IPv6 packets.
- Add a link-layer header type for RDS (IEC 62106) groups.
- Handle all CAN captures with pcap-linux.c, in cooked
mode.
- Removes the need for the 'host-endian' link-layer header
type.
- Have separate DLTs for big-endian and host-endian
SocketCAN headers.
- Properly check for sock_recv() errors.
- Re-impose some of Winsock's limitations on sock_recv().
- Replace sprintf() with pcap_snprintf().
- Fix signature of pcap_stats_ex_remote().
- Have rpcap_remoteact_getsock() return a SOCKET and
supply an 'is active' flag.
- Clean up (DAG, Septel, Myricom SNF)-only builds.
- pcap_create_interface() needs the interface name on
Linux.
- Clean up hardware time stamp support: the 'any' device
does not support any time stamp types.
- Recognize 802.1ad nested VLAN tag in vlan filter.
- Support for filtering Geneve encapsulated packets.
- Fix handling of zones for BPF on Solaris
- Added bpf_filter1() with extensions
- EBUSY can now be returned by SNFv3 code.
- Don't crash on filters testing a non-existent link-layer
type field.
- Fix sending in non-blocking mode on Linux with
memory-mapped capture.
- Fix timestamps when reading pcap-ng files on big-endian
machines.
- Fixes for byte order issues with NFLOG captures
- Handle using cooked mode for DLT_NETLINK in
activate_new().
This update was imported from the SUSE:SLE-12:Update update project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020940"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1035686"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905870"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905871"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=905872"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922220"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922221"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922222"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922223"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=927637"
);
# https://features.opensuse.org/322955
script_set_attribute(
attribute:"see_also",
value:"https://features.opensuse.org/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected tcpdump / libpcap packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpcap1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcpdump-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"libpcap-debugsource-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpcap-devel-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpcap-devel-static-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpcap1-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpcap1-debuginfo-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tcpdump-4.9.0-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tcpdump-debuginfo-4.9.0-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tcpdump-debugsource-4.9.0-7.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpcap-devel-32bit-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpcap1-32bit-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpcap1-debuginfo-32bit-1.8.1-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libpcap-debugsource-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libpcap-devel-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libpcap-devel-static-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libpcap1-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libpcap1-debuginfo-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpcap-devel-32bit-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpcap1-32bit-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libpcap1-debuginfo-32bit-1.8.1-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"tcpdump-4.9.0-6.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"tcpdump-debuginfo-4.9.0-6.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"tcpdump-debugsource-4.9.0-6.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpcap-debugsource / libpcap-devel / libpcap-devel-32bit / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo