The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
tcpdump: SMB data printing mishandled (CVE-2018-10105)
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). (CVE-2016-7922)
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). (CVE-2016-7923)
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). (CVE-2016-7924)
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). (CVE-2016-7925)
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). (CVE-2016-7926)
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). (CVE-2016-7927)
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). (CVE-2016-7928)
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). (CVE-2016-7929)
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). (CVE-2016-7930)
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). (CVE-2016-7931)
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). (CVE-2016-7932)
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). (CVE-2016-7933)
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). (CVE-2016-7934)
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). (CVE-2016-7935)
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). (CVE-2016-7936)
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). (CVE-2016-7937)
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). (CVE-2016-7938)
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. (CVE-2016-7939)
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. (CVE-2016-7940)
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. (CVE-2016-7973)
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. (CVE-2016-7974)
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). (CVE-2016-7975)
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). (CVE-2016-7983, CVE-2017-5203)
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). (CVE-2016-7984)
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). (CVE-2016-7985)
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. (CVE-2016-7986)
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). (CVE-2016-7992)
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). (CVE-2016-7993)
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). (CVE-2016-8574)
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. (CVE-2016-8575)
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. (CVE-2017-11108)
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. (CVE-2017-11541)
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. (CVE-2017-11542)
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. (CVE-2017-11543)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage (CVE-2017-11544)
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). (CVE-2017-12893)
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). (CVE-2017-12895, CVE-2017-13012)
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). (CVE-2017-12896)
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). (CVE-2017-12897)
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). (CVE-2017-12898)
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). (CVE-2017-12899)
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). (CVE-2017-12900)
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). (CVE-2017-12901)
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. (CVE-2017-12902)
The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). (CVE-2017-12985)
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). (CVE-2017-12986, CVE-2017-13725)
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). (CVE-2017-12987, CVE-2017-13008)
The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). (CVE-2017-12988)
The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). (CVE-2017-12989)
The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. (CVE-2017-12990)
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)
The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). (CVE-2017-12992)
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)
The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). (CVE-2017-12995)
The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). (CVE-2017-12996)
The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). (CVE-2017-12997)
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). (CVE-2017-12999)
The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). (CVE-2017-13000)
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). (CVE-2017-13001)
The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). (CVE-2017-13002)
The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). (CVE-2017-13005)
The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. (CVE-2017-13006)
The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). (CVE-2017-13007)
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). (CVE-2017-13009)
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). (CVE-2017-13010)
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). (CVE-2017-13011)
The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. (CVE-2017-13013)
The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)
The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (CVE-2017-13015)
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). (CVE-2017-13016, CVE-2017-13047)
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). (CVE-2017-13017)
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (CVE-2017-13020, CVE-2017-13033)
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). (CVE-2017-13021)
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). (CVE-2017-13022)
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. (CVE-2017-13026)
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). (CVE-2017-13027)
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). (CVE-2017-13028)
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). (CVE-2017-13029)
The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. (CVE-2017-13030)
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (CVE-2017-13031)
The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). (CVE-2017-13032)
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). (CVE-2017-13035)
The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). (CVE-2017-13036)
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). (CVE-2017-13038)
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. (CVE-2017-13039)
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. (CVE-2017-13040)
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). (CVE-2017-13041)
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). (CVE-2017-13042)
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). (CVE-2017-13043)
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). (CVE-2017-13044)
The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). (CVE-2017-13048, CVE-2017-13051)
The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). (CVE-2017-13049)
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)
The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). (CVE-2017-13053)
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). (CVE-2017-13054)
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). (CVE-2017-13687)
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). (CVE-2017-13688)
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). (CVE-2017-13689)
The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. (CVE-2017-13690)
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. (CVE-2017-16808)
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). (CVE-2017-5202, CVE-2017-5486)
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). (CVE-2017-5204)
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). (CVE-2017-5205)
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). (CVE-2017-5341)
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). (CVE-2017-5342)
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. (CVE-2017-5482)
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). (CVE-2017-5483)
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). (CVE-2017-5484)
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). (CVE-2017-5485)
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). (CVE-2018-14461)
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). (CVE-2018-14462)
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). (CVE-2018-14465)
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). (CVE-2018-14468)
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). (CVE-2018-14469)
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). (CVE-2018-14470)
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). (CVE-2018-14879)
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). (CVE-2018-14880)
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. (CVE-2018-16227)
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). (CVE-2018-16228)
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). (CVE-2018-16229)
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)
The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. (CVE-2018-16301)
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. (CVE-2018-16452)
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. (CVE-2019-15166)
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. (CVE-2019-15167)
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. (CVE-2020-8037)
The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. (CVE-2023-1801)
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21. (CVE-2024-2397)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory tcpdump. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(195551);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-7922",
"CVE-2016-7923",
"CVE-2016-7924",
"CVE-2016-7925",
"CVE-2016-7926",
"CVE-2016-7927",
"CVE-2016-7928",
"CVE-2016-7929",
"CVE-2016-7930",
"CVE-2016-7931",
"CVE-2016-7932",
"CVE-2016-7933",
"CVE-2016-7934",
"CVE-2016-7935",
"CVE-2016-7936",
"CVE-2016-7937",
"CVE-2016-7938",
"CVE-2016-7939",
"CVE-2016-7940",
"CVE-2016-7973",
"CVE-2016-7974",
"CVE-2016-7975",
"CVE-2016-7983",
"CVE-2016-7984",
"CVE-2016-7985",
"CVE-2016-7986",
"CVE-2016-7992",
"CVE-2016-7993",
"CVE-2016-8574",
"CVE-2016-8575",
"CVE-2017-5202",
"CVE-2017-5203",
"CVE-2017-5204",
"CVE-2017-5205",
"CVE-2017-5341",
"CVE-2017-5342",
"CVE-2017-5482",
"CVE-2017-5483",
"CVE-2017-5484",
"CVE-2017-5485",
"CVE-2017-5486",
"CVE-2017-11108",
"CVE-2017-11541",
"CVE-2017-11542",
"CVE-2017-11543",
"CVE-2017-11544",
"CVE-2017-12893",
"CVE-2017-12894",
"CVE-2017-12895",
"CVE-2017-12896",
"CVE-2017-12897",
"CVE-2017-12898",
"CVE-2017-12899",
"CVE-2017-12900",
"CVE-2017-12901",
"CVE-2017-12902",
"CVE-2017-12985",
"CVE-2017-12986",
"CVE-2017-12987",
"CVE-2017-12988",
"CVE-2017-12989",
"CVE-2017-12990",
"CVE-2017-12991",
"CVE-2017-12992",
"CVE-2017-12993",
"CVE-2017-12994",
"CVE-2017-12995",
"CVE-2017-12996",
"CVE-2017-12997",
"CVE-2017-12998",
"CVE-2017-12999",
"CVE-2017-13000",
"CVE-2017-13001",
"CVE-2017-13002",
"CVE-2017-13003",
"CVE-2017-13004",
"CVE-2017-13005",
"CVE-2017-13006",
"CVE-2017-13007",
"CVE-2017-13008",
"CVE-2017-13009",
"CVE-2017-13010",
"CVE-2017-13011",
"CVE-2017-13012",
"CVE-2017-13013",
"CVE-2017-13014",
"CVE-2017-13015",
"CVE-2017-13016",
"CVE-2017-13017",
"CVE-2017-13018",
"CVE-2017-13019",
"CVE-2017-13020",
"CVE-2017-13021",
"CVE-2017-13022",
"CVE-2017-13023",
"CVE-2017-13024",
"CVE-2017-13025",
"CVE-2017-13026",
"CVE-2017-13027",
"CVE-2017-13028",
"CVE-2017-13029",
"CVE-2017-13030",
"CVE-2017-13031",
"CVE-2017-13032",
"CVE-2017-13033",
"CVE-2017-13034",
"CVE-2017-13035",
"CVE-2017-13036",
"CVE-2017-13037",
"CVE-2017-13038",
"CVE-2017-13039",
"CVE-2017-13040",
"CVE-2017-13041",
"CVE-2017-13042",
"CVE-2017-13043",
"CVE-2017-13044",
"CVE-2017-13045",
"CVE-2017-13046",
"CVE-2017-13047",
"CVE-2017-13048",
"CVE-2017-13049",
"CVE-2017-13050",
"CVE-2017-13051",
"CVE-2017-13052",
"CVE-2017-13053",
"CVE-2017-13054",
"CVE-2017-13055",
"CVE-2017-13687",
"CVE-2017-13688",
"CVE-2017-13689",
"CVE-2017-13690",
"CVE-2017-13725",
"CVE-2017-16808",
"CVE-2018-10103",
"CVE-2018-10105",
"CVE-2018-14461",
"CVE-2018-14462",
"CVE-2018-14463",
"CVE-2018-14464",
"CVE-2018-14465",
"CVE-2018-14466",
"CVE-2018-14467",
"CVE-2018-14468",
"CVE-2018-14469",
"CVE-2018-14470",
"CVE-2018-14879",
"CVE-2018-14880",
"CVE-2018-14881",
"CVE-2018-14882",
"CVE-2018-16227",
"CVE-2018-16228",
"CVE-2018-16229",
"CVE-2018-16230",
"CVE-2018-16300",
"CVE-2018-16301",
"CVE-2018-16451",
"CVE-2018-16452",
"CVE-2019-15166",
"CVE-2019-15167",
"CVE-2020-8037",
"CVE-2023-1801",
"CVE-2024-2397"
);
script_name(english:"RHEL 6 : tcpdump (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- tcpdump: SMB data printing mishandled (CVE-2018-10105)
- The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). (CVE-2016-7922)
- The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). (CVE-2016-7923)
- The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). (CVE-2016-7924)
- The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
(CVE-2016-7925)
- The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
(CVE-2016-7926)
- The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in
print-802_11.c:ieee802_11_radio_print(). (CVE-2016-7927)
- The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
(CVE-2016-7928)
- The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-
juniper.c:juniper_parse_header(). (CVE-2016-7929)
- The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
(CVE-2016-7930)
- The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
(CVE-2016-7931)
- The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
(CVE-2016-7932)
- The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
(CVE-2016-7933)
- The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). (CVE-2016-7934)
- The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). (CVE-2016-7935)
- The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). (CVE-2016-7936)
- The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). (CVE-2016-7937)
- The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
(CVE-2016-7938)
- The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
(CVE-2016-7939)
- The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
(CVE-2016-7940)
- The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
(CVE-2016-7973)
- The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
(CVE-2016-7974)
- The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). (CVE-2016-7975)
- The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
(CVE-2016-7983, CVE-2017-5203)
- The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
(CVE-2016-7984)
- The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
(CVE-2016-7985)
- The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple
functions. (CVE-2016-7986)
- The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-
cip.c:cip_if_print(). (CVE-2016-7992)
- A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple
protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). (CVE-2016-7993)
- The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
(CVE-2016-8574)
- The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different
vulnerability than CVE-2017-5482. (CVE-2016-8575)
- tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and
application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from
the stp_print function for the Spanning Tree Protocol. (CVE-2017-11108)
- tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to
util-print.c. (CVE-2017-11541)
- tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
(CVE-2017-11542)
- tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. (CVE-2017-11543)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a
duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this
candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
(CVE-2017-11544)
- The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
(CVE-2017-12893)
- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in
addrtoname.c:lookup_bytestring(). (CVE-2017-12894)
- The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2017-12895, CVE-2017-13012)
- The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
(CVE-2017-12896)
- The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
(CVE-2017-12897)
- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
(CVE-2017-12898)
- The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
(CVE-2017-12899)
- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-
print.c:tok2strbuf(). (CVE-2017-12900)
- The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
(CVE-2017-12901)
- The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
(CVE-2017-12902)
- The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
(CVE-2017-12985)
- The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
(CVE-2017-12986, CVE-2017-13725)
- The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
(CVE-2017-12987, CVE-2017-13008)
- The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
(CVE-2017-12988)
- The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-
resp.c:resp_get_length(). (CVE-2017-12989)
- The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c,
several functions. (CVE-2017-12990)
- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
(CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)
- The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
(CVE-2017-12992)
- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several
functions. (CVE-2017-12993)
- The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-
domain.c:ns_print(). (CVE-2017-12995)
- The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
(CVE-2017-12996)
- The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-
lldp.c:lldp_private_8021_print(). (CVE-2017-12997)
- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-
isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)
- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
(CVE-2017-12999)
- The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in
print-802_15_4.c:ieee802_15_4_if_print(). (CVE-2017-13000)
- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
(CVE-2017-13001)
- The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
(CVE-2017-13002)
- The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)
- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-
juniper.c:juniper_parse_header(). (CVE-2017-13004)
- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
(CVE-2017-13005)
- The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
(CVE-2017-13006)
- The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
(CVE-2017-13007)
- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-
mobility.c:mobility_print(). (CVE-2017-13009)
- The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
(CVE-2017-13010)
- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-
print.c:bittok2str_internal(). (CVE-2017-13011)
- The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
(CVE-2017-13013)
- The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(),
several functions. (CVE-2017-13014)
- The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (CVE-2017-13015)
- The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
(CVE-2017-13016, CVE-2017-13047)
- The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
(CVE-2017-13017)
- The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018,
CVE-2017-13019, CVE-2017-13034)
- The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (CVE-2017-13020,
CVE-2017-13033)
- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
(CVE-2017-13021)
- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
(CVE-2017-13022)
- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in
print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)
- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
(CVE-2017-13026)
- The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
(CVE-2017-13027)
- The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
(CVE-2017-13028)
- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
(CVE-2017-13029)
- The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
(CVE-2017-13030)
- The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in
print-frag6.c:frag6_print(). (CVE-2017-13031)
- The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
(CVE-2017-13032)
- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
(CVE-2017-13035)
- The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
(CVE-2017-13036)
- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)
- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
(CVE-2017-13038)
- The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
(CVE-2017-13039)
- The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
(CVE-2017-13040)
- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
(CVE-2017-13041)
- The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
(CVE-2017-13042)
- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().
(CVE-2017-13043)
- The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().
(CVE-2017-13044)
- The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)
- The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2017-13048, CVE-2017-13051)
- The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
(CVE-2017-13049)
- The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in
print-rpki-rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)
- The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)
- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
(CVE-2017-13053)
- The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
(CVE-2017-13054)
- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in
print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)
- The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
(CVE-2017-13687)
- The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
(CVE-2017-13688)
- The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
(CVE-2017-13689)
- The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
(CVE-2017-13690)
- tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem
in addrtoname.c. (CVE-2017-16808)
- The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
(CVE-2017-5202, CVE-2017-5486)
- The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). (CVE-2017-5204)
- The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
(CVE-2017-5205)
- The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). (CVE-2017-5341)
- In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE)
could cause a buffer overflow in print-ether.c:ether_print(). (CVE-2017-5342)
- The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different
vulnerability than CVE-2016-8575. (CVE-2017-5482)
- The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
(CVE-2017-5483)
- The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). (CVE-2017-5484)
- The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
(CVE-2017-5485)
- tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)
- The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
(CVE-2018-14461)
- The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2018-14462)
- The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP
version 2, a different vulnerability than CVE-2019-15167. (CVE-2018-14463)
- The LMP parser in tcpdump before 4.9.3 has a buffer over-read in
print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)
- The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2018-14465)
- The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and
rx_cache_insert(). (CVE-2018-14466)
- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()
(BGP_CAPCODE_MP). (CVE-2018-14467)
- The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
(CVE-2018-14468)
- The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
(CVE-2018-14469)
- The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
(CVE-2018-14470)
- The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in
tcpdump.c:get_next_file(). (CVE-2018-14879)
- The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
(CVE-2018-14880)
- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()
(BGP_CAPCODE_RESTART). (CVE-2018-14881)
- The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)
- The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags
subfield. (CVE-2018-16227)
- The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
(CVE-2018-16228)
- The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
(CVE-2018-16229)
- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()
(MP_REACH_NLRI). (CVE-2018-16230)
- The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of
unlimited recursion. (CVE-2018-16300)
- The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in
tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the
local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
(CVE-2018-16301)
- The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for
\MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)
- The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
(CVE-2018-16452)
- lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
(CVE-2019-15166)
- The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP
version 3, a different vulnerability than CVE-2018-14463. (CVE-2019-15167)
- The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
(CVE-2020-8037)
- The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a
crafted network packet. (CVE-2023-1801)
- Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when
reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it
affected the git master branch from 2023-06-05 to 2024-03-21. (CVE-2024-2397)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10105");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libpcap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tcpdump");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
  exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libpcap', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libpcap', 'cves':['CVE-2024-2397']},
      {'reference':'tcpdump', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'tcpdump'}
    ]
  }
];

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpcap / tcpdump');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | libpcap | p-cpe:/a:redhat:enterprise_linux:libpcap |
redhat | enterprise_linux | tcpdump | p-cpe:/a:redhat:enterprise_linux:tcpdump |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2397