Source: nessus
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Plugin file: REDHAT_UNPATCHED-TCPDUMP-RHEL6.NASL
History: May 11, 2024 - 12:00 a.m.

RHEL 6 : tcpdump (Unpatched Vulnerability)

www.tenable.com

AI Score: 7.9 High (Confidence: High)

EPSS: 0.378 Low (Percentile: 97.2%)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • tcpdump: SMB data printing mishandled (CVE-2018-10105)

  • The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). (CVE-2016-7922)

  • The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). (CVE-2016-7923)

  • The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). (CVE-2016-7924)

  • The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
    (CVE-2016-7925)

  • The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
    (CVE-2016-7926)

  • The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). (CVE-2016-7927)

  • The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
    (CVE-2016-7928)

  • The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). (CVE-2016-7929)

  • The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
    (CVE-2016-7930)

  • The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
    (CVE-2016-7931)

  • The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
    (CVE-2016-7932)

  • The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
    (CVE-2016-7933)

  • The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). (CVE-2016-7934)

  • The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). (CVE-2016-7935)

  • The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). (CVE-2016-7936)

  • The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). (CVE-2016-7937)

  • The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
    (CVE-2016-7938)

  • The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
    (CVE-2016-7939)

  • The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
    (CVE-2016-7940)

  • The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
    (CVE-2016-7973)

  • The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
    (CVE-2016-7974)

  • The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). (CVE-2016-7975)

  • The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
    (CVE-2016-7983, CVE-2017-5203)

  • The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
    (CVE-2016-7984)

  • The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
    (CVE-2016-7985)

  • The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. (CVE-2016-7986)

  • The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). (CVE-2016-7992)

  • A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). (CVE-2016-7993)

  • The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
    (CVE-2016-8574)

  • The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. (CVE-2016-8575)

  • tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. (CVE-2017-11108)

  • tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. (CVE-2017-11541)

  • tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
    (CVE-2017-11542)

  • tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. (CVE-2017-11543)

  • Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage (CVE-2017-11544)

  • The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
    (CVE-2017-12893)

  • Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

  • The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
    (CVE-2017-12895, CVE-2017-13012)

  • The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
    (CVE-2017-12896)

  • The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
    (CVE-2017-12897)

  • The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
    (CVE-2017-12898)

  • The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
    (CVE-2017-12899)

  • Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). (CVE-2017-12900)

  • The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
    (CVE-2017-12901)

  • The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
    (CVE-2017-12902)

  • The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
    (CVE-2017-12985)

  • The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
    (CVE-2017-12986, CVE-2017-13725)

  • The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
    (CVE-2017-12987, CVE-2017-13008)

  • The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
    (CVE-2017-12988)

  • The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). (CVE-2017-12989)

  • The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. (CVE-2017-12990)

  • The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
    (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)

  • The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
    (CVE-2017-12992)

  • The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)

  • The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). (CVE-2017-12995)

  • The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
    (CVE-2017-12996)

  • The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). (CVE-2017-12997)

  • The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)

  • The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
    (CVE-2017-12999)

  • The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). (CVE-2017-13000)

  • The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
    (CVE-2017-13001)

  • The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
    (CVE-2017-13002)

  • The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

  • The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)

  • The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
    (CVE-2017-13005)

  • The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
    (CVE-2017-13006)

  • The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
    (CVE-2017-13007)

  • The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). (CVE-2017-13009)

  • The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
    (CVE-2017-13010)

  • Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). (CVE-2017-13011)

  • The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
    (CVE-2017-13013)

  • The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)

  • The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (CVE-2017-13015)

  • The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
    (CVE-2017-13016, CVE-2017-13047)

  • The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
    (CVE-2017-13017)

  • The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)

  • The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (CVE-2017-13020, CVE-2017-13033)

  • The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
    (CVE-2017-13021)

  • The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
    (CVE-2017-13022)

  • The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)

  • The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
    (CVE-2017-13026)

  • The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
    (CVE-2017-13027)

  • The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
    (CVE-2017-13028)

  • The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
    (CVE-2017-13029)

  • The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
    (CVE-2017-13030)

  • The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (CVE-2017-13031)

  • The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
    (CVE-2017-13032)

  • The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
    (CVE-2017-13035)

  • The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
    (CVE-2017-13036)

  • The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)

  • The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
    (CVE-2017-13038)

  • The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
    (CVE-2017-13039)

  • The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
    (CVE-2017-13040)

  • The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
    (CVE-2017-13041)

  • The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
    (CVE-2017-13042)

  • The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().
    (CVE-2017-13043)

  • The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().
    (CVE-2017-13044)

  • The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)

  • The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
    (CVE-2017-13048, CVE-2017-13051)

  • The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
    (CVE-2017-13049)

  • The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)

  • The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)

  • The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
    (CVE-2017-13053)

  • The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
    (CVE-2017-13054)

  • The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

  • The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
    (CVE-2017-13687)

  • The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
    (CVE-2017-13688)

  • The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
    (CVE-2017-13689)

  • The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
    (CVE-2017-13690)

  • tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. (CVE-2017-16808)

  • The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
    (CVE-2017-5202, CVE-2017-5486)

  • The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). (CVE-2017-5204)

  • The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
    (CVE-2017-5205)

  • The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). (CVE-2017-5341)

  • In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). (CVE-2017-5342)

  • The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. (CVE-2017-5482)

  • The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
    (CVE-2017-5483)

  • The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). (CVE-2017-5484)

  • The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
    (CVE-2017-5485)

  • tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)

  • The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
    (CVE-2018-14461)

  • The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
    (CVE-2018-14462)

  • The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)

  • The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)

  • The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
    (CVE-2018-14465)

  • The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)

  • The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)

  • The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
    (CVE-2018-14468)

  • The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
    (CVE-2018-14469)

  • The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
    (CVE-2018-14470)

  • The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879)

  • The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
    (CVE-2018-14880)

  • The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)

  • The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)

  • The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)

  • The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
    (CVE-2018-16228)

  • The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
    (CVE-2018-16229)

  • The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)

  • The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)

  • The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
    (CVE-2018-16301)

  • The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)

  • The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
    (CVE-2018-16452)

  • lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
    (CVE-2019-15166)

  • The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. (CVE-2019-15167)

  • The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
    (CVE-2020-8037)

  • The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. (CVE-2023-1801)

  • Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. (CVE-2024-2397)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory tcpdump. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195551);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-7922",
    "CVE-2016-7923",
    "CVE-2016-7924",
    "CVE-2016-7925",
    "CVE-2016-7926",
    "CVE-2016-7927",
    "CVE-2016-7928",
    "CVE-2016-7929",
    "CVE-2016-7930",
    "CVE-2016-7931",
    "CVE-2016-7932",
    "CVE-2016-7933",
    "CVE-2016-7934",
    "CVE-2016-7935",
    "CVE-2016-7936",
    "CVE-2016-7937",
    "CVE-2016-7938",
    "CVE-2016-7939",
    "CVE-2016-7940",
    "CVE-2016-7973",
    "CVE-2016-7974",
    "CVE-2016-7975",
    "CVE-2016-7983",
    "CVE-2016-7984",
    "CVE-2016-7985",
    "CVE-2016-7986",
    "CVE-2016-7992",
    "CVE-2016-7993",
    "CVE-2016-8574",
    "CVE-2016-8575",
    "CVE-2017-5202",
    "CVE-2017-5203",
    "CVE-2017-5204",
    "CVE-2017-5205",
    "CVE-2017-5341",
    "CVE-2017-5342",
    "CVE-2017-5482",
    "CVE-2017-5483",
    "CVE-2017-5484",
    "CVE-2017-5485",
    "CVE-2017-5486",
    "CVE-2017-11108",
    "CVE-2017-11541",
    "CVE-2017-11542",
    "CVE-2017-11543",
    "CVE-2017-11544",
    "CVE-2017-12893",
    "CVE-2017-12894",
    "CVE-2017-12895",
    "CVE-2017-12896",
    "CVE-2017-12897",
    "CVE-2017-12898",
    "CVE-2017-12899",
    "CVE-2017-12900",
    "CVE-2017-12901",
    "CVE-2017-12902",
    "CVE-2017-12985",
    "CVE-2017-12986",
    "CVE-2017-12987",
    "CVE-2017-12988",
    "CVE-2017-12989",
    "CVE-2017-12990",
    "CVE-2017-12991",
    "CVE-2017-12992",
    "CVE-2017-12993",
    "CVE-2017-12994",
    "CVE-2017-12995",
    "CVE-2017-12996",
    "CVE-2017-12997",
    "CVE-2017-12998",
    "CVE-2017-12999",
    "CVE-2017-13000",
    "CVE-2017-13001",
    "CVE-2017-13002",
    "CVE-2017-13003",
    "CVE-2017-13004",
    "CVE-2017-13005",
    "CVE-2017-13006",
    "CVE-2017-13007",
    "CVE-2017-13008",
    "CVE-2017-13009",
    "CVE-2017-13010",
    "CVE-2017-13011",
    "CVE-2017-13012",
    "CVE-2017-13013",
    "CVE-2017-13014",
    "CVE-2017-13015",
    "CVE-2017-13016",
    "CVE-2017-13017",
    "CVE-2017-13018",
    "CVE-2017-13019",
    "CVE-2017-13020",
    "CVE-2017-13021",
    "CVE-2017-13022",
    "CVE-2017-13023",
    "CVE-2017-13024",
    "CVE-2017-13025",
    "CVE-2017-13026",
    "CVE-2017-13027",
    "CVE-2017-13028",
    "CVE-2017-13029",
    "CVE-2017-13030",
    "CVE-2017-13031",
    "CVE-2017-13032",
    "CVE-2017-13033",
    "CVE-2017-13034",
    "CVE-2017-13035",
    "CVE-2017-13036",
    "CVE-2017-13037",
    "CVE-2017-13038",
    "CVE-2017-13039",
    "CVE-2017-13040",
    "CVE-2017-13041",
    "CVE-2017-13042",
    "CVE-2017-13043",
    "CVE-2017-13044",
    "CVE-2017-13045",
    "CVE-2017-13046",
    "CVE-2017-13047",
    "CVE-2017-13048",
    "CVE-2017-13049",
    "CVE-2017-13050",
    "CVE-2017-13051",
    "CVE-2017-13052",
    "CVE-2017-13053",
    "CVE-2017-13054",
    "CVE-2017-13055",
    "CVE-2017-13687",
    "CVE-2017-13688",
    "CVE-2017-13689",
    "CVE-2017-13690",
    "CVE-2017-13725",
    "CVE-2017-16808",
    "CVE-2018-10103",
    "CVE-2018-10105",
    "CVE-2018-14461",
    "CVE-2018-14462",
    "CVE-2018-14463",
    "CVE-2018-14464",
    "CVE-2018-14465",
    "CVE-2018-14466",
    "CVE-2018-14467",
    "CVE-2018-14468",
    "CVE-2018-14469",
    "CVE-2018-14470",
    "CVE-2018-14879",
    "CVE-2018-14880",
    "CVE-2018-14881",
    "CVE-2018-14882",
    "CVE-2018-16227",
    "CVE-2018-16228",
    "CVE-2018-16229",
    "CVE-2018-16230",
    "CVE-2018-16300",
    "CVE-2018-16301",
    "CVE-2018-16451",
    "CVE-2018-16452",
    "CVE-2019-15166",
    "CVE-2019-15167",
    "CVE-2020-8037",
    "CVE-2023-1801",
    "CVE-2024-2397"
  );

  script_name(english:"RHEL 6 : tcpdump (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - tcpdump: SMB data printing mishandled (CVE-2018-10105)

  - The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). (CVE-2016-7922)

  - The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). (CVE-2016-7923)

  - The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). (CVE-2016-7924)

  - The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
    (CVE-2016-7925)

  - The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
    (CVE-2016-7926)

  - The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in
    print-802_11.c:ieee802_11_radio_print(). (CVE-2016-7927)

  - The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
    (CVE-2016-7928)

  - The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-
    juniper.c:juniper_parse_header(). (CVE-2016-7929)

  - The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
    (CVE-2016-7930)

  - The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
    (CVE-2016-7931)

  - The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
    (CVE-2016-7932)

  - The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
    (CVE-2016-7933)

  - The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). (CVE-2016-7934)

  - The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). (CVE-2016-7935)

  - The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). (CVE-2016-7936)

  - The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). (CVE-2016-7937)

  - The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
    (CVE-2016-7938)

  - The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
    (CVE-2016-7939)

  - The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
    (CVE-2016-7940)

  - The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
    (CVE-2016-7973)

  - The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
    (CVE-2016-7974)

  - The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). (CVE-2016-7975)

  - The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
    (CVE-2016-7983, CVE-2017-5203)

  - The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
    (CVE-2016-7984)

  - The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
    (CVE-2016-7985)

  - The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple
    functions. (CVE-2016-7986)

  - The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-
    cip.c:cip_if_print(). (CVE-2016-7992)

  - A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple
    protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). (CVE-2016-7993)

  - The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
    (CVE-2016-8574)

  - The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different
    vulnerability than CVE-2017-5482. (CVE-2016-8575)

  - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and
    application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from
    the stp_print function for the Spanning Tree Protocol. (CVE-2017-11108)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to
    util-print.c. (CVE-2017-11541)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
    (CVE-2017-11542)

  - tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. (CVE-2017-11543)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a
    duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this
    candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
    (CVE-2017-11544)

  - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
    (CVE-2017-12893)

  - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in
    addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

  - The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
    (CVE-2017-12895, CVE-2017-13012)

  - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
    (CVE-2017-12896)

  - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
    (CVE-2017-12897)

  - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
    (CVE-2017-12898)

  - The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
    (CVE-2017-12899)

  - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-
    print.c:tok2strbuf(). (CVE-2017-12900)

  - The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
    (CVE-2017-12901)

  - The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
    (CVE-2017-12902)

  - The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
    (CVE-2017-12985)

  - The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
    (CVE-2017-12986, CVE-2017-13725)

  - The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
    (CVE-2017-12987, CVE-2017-13008)

  - The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
    (CVE-2017-12988)

  - The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-
    resp.c:resp_get_length(). (CVE-2017-12989)

  - The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c,
    several functions. (CVE-2017-12990)

  - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
    (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)

  - The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
    (CVE-2017-12992)

  - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several
    functions. (CVE-2017-12993)

  - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in
    print-domain.c:ns_print(). (CVE-2017-12995)

  - The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
    (CVE-2017-12996)

  - The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in
    print-lldp.c:lldp_private_8021_print(). (CVE-2017-12997)

  - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in
    print-isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)

  - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
    (CVE-2017-12999)

  - The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in
    print-802_15_4.c:ieee802_15_4_if_print(). (CVE-2017-13000)

  - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
    (CVE-2017-13001)

  - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
    (CVE-2017-13002)

  - The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

  - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in
    print-juniper.c:juniper_parse_header(). (CVE-2017-13004)

  - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
    (CVE-2017-13005)

  - The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
    (CVE-2017-13006)

  - The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
    (CVE-2017-13007)

  - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in
    print-mobility.c:mobility_print(). (CVE-2017-13009)

  - The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
    (CVE-2017-13010)

  - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in
    util-print.c:bittok2str_internal(). (CVE-2017-13011)

  - The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
    (CVE-2017-13013)

  - The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(),
    several functions. (CVE-2017-13014)

  - The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (CVE-2017-13015)

  - The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
    (CVE-2017-13016, CVE-2017-13047)

  - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
    (CVE-2017-13017)

  - The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018,
    CVE-2017-13019, CVE-2017-13034)

  - The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (CVE-2017-13020,
    CVE-2017-13033)

  - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
    (CVE-2017-13021)

  - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
    (CVE-2017-13022)

  - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in
    print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
    (CVE-2017-13026)

  - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
    (CVE-2017-13027)

  - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
    (CVE-2017-13028)

  - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
    (CVE-2017-13029)

  - The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
    (CVE-2017-13030)

  - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in
    print-frag6.c:frag6_print(). (CVE-2017-13031)

  - The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
    (CVE-2017-13032)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
    (CVE-2017-13035)

  - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
    (CVE-2017-13036)

  - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)

  - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
    (CVE-2017-13038)

  - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
    (CVE-2017-13039)

  - The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
    (CVE-2017-13040)

  - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
    (CVE-2017-13041)

  - The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
    (CVE-2017-13042)

  - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().
    (CVE-2017-13043)

  - The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().
    (CVE-2017-13044)

  - The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)

  - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
    (CVE-2017-13048, CVE-2017-13051)

  - The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
    (CVE-2017-13049)

  - The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in
    print-rpki-rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)

  - The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)

  - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
    (CVE-2017-13053)

  - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
    (CVE-2017-13054)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in
    print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

  - The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
    (CVE-2017-13687)

  - The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
    (CVE-2017-13688)

  - The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
    (CVE-2017-13689)

  - The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
    (CVE-2017-13690)

  - tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem
    in addrtoname.c. (CVE-2017-16808)

  - The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
    (CVE-2017-5202, CVE-2017-5486)

  - The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). (CVE-2017-5204)

  - The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
    (CVE-2017-5205)

  - The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). (CVE-2017-5341)

  - In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE)
    could cause a buffer overflow in print-ether.c:ether_print(). (CVE-2017-5342)

  - The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different
    vulnerability than CVE-2016-8575. (CVE-2017-5482)

  - The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
    (CVE-2017-5483)

  - The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). (CVE-2017-5484)

  - The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
    (CVE-2017-5485)

  - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)

  - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
    (CVE-2018-14461)

  - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
    (CVE-2018-14462)

  - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP
    version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)

  - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in
    print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)

  - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
    (CVE-2018-14465)

  - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and
    rx_cache_insert(). (CVE-2018-14466)

  - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()
    (BGP_CAPCODE_MP). (CVE-2018-14467)

  - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
    (CVE-2018-14468)

  - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
    (CVE-2018-14469)

  - The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
    (CVE-2018-14470)

  - The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in
    tcpdump.c:get_next_file(). (CVE-2018-14879)

  - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
    (CVE-2018-14880)

  - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()
    (BGP_CAPCODE_RESTART). (CVE-2018-14881)

  - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)

  - The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags
    subfield. (CVE-2018-16227)

  - The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
    (CVE-2018-16228)

  - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
    (CVE-2018-16229)

  - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()
    (MP_REACH_NLRI). (CVE-2018-16230)

  - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of
    unlimited recursion. (CVE-2018-16300)

  - The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in
    tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the
    local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
    (CVE-2018-16301)

  - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for
    \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)

  - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
    (CVE-2018-16452)

  - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
    (CVE-2019-15166)

  - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP
    version 3, a different vulnerability than CVE-2018-14463. (CVE-2019-15167)

  - The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
    (CVE-2020-8037)

  - The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a
    crafted network packet. (CVE-2023-1801)

  - Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when
    reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it
    affected the git master branch from 2023-06-05 to 2024-03-21. (CVE-2024-2397)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10105");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpcap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tcpdump");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
  exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libpcap', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libpcap', 'cves':['CVE-2024-2397']},
      {'reference':'tcpdump', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'tcpdump'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpcap / tcpdump');
}

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | libpcap | p-cpe:/a:redhat:enterprise_linux:libpcap |
| redhat | enterprise_linux | tcpdump | p-cpe:/a:redhat:enterprise_linux:tcpdump |

References