## Releases
* Ubuntu 12.04
## Packages
* tcpdump - command-line network traffic analyzer

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the
corresponding tcpdump update for Ubuntu 12.04 ESM.

Original advisory details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder
in tcpdump. A remote attacker could use this to cause a denial
of service (application crash) or possibly execute arbitrary
code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter
utility function bittok2str_internal() in tcpdump. A remote attacker
could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different
protocol parsers in tcpdump that could lead to an infinite loop. A
remote attacker could use these to cause a denial of service
(application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,
CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,
Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava
Shastry discovered out-of-bounds reads in multiple protocol parsers
in tcpdump. A remote attacker could use these to cause a denial
of service (application crash). (CVE-2017-11108, CVE-2017-11541,
CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,
CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,
CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,
CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,
CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,
CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,
CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,
CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,
CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
CVE-2017-13690, CVE-2017-13725)
These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 4.9.2-1~deb7u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-18T00:00:00", "type": "nessus", "title": "Debian DLA-1097-1 : tcpdump security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", 
"CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1097.NASL", "href": "https://www.tenable.com/plugins/nessus/103257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1097-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103257);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"Debian DLA-1097-1 : tcpdump security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service or, potentially, execution of arbitrary\ncode.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.9.2-1~deb7u1.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tcpdump\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"tcpdump\", reference:\"4.9.2-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-02T15:32:57", "description": "An update of [tcpdump,ruby] packages for PhotonOS has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, 
"published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby / Tcpdump PHSA-2017-0034 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", 
"CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-14064"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0034.NASL", "href": "https://www.tenable.com/plugins/nessus/111883", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0034. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111883);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n 
\"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-14064\"\n );\n\n script_name(english:\"Photon OS 1.0: Ruby / Tcpdump PHSA-2017-0034 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [tcpdump,ruby] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-70\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5900e66\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12893\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"ruby-2.4.0-6.ph1\",\n \"ruby-debuginfo-2.4.0-6.ph1\",\n \"tcpdump-4.9.2-1.ph1\",\n \"tcpdump-debuginfo-4.9.2-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-02-17T15:27:46", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "Debian DSA-3971-1 : tcpdump - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", 
"CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3971.NASL", "href": "https://www.tenable.com/plugins/nessus/103148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3971. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103148);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", 
\"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_xref(name:\"DSA\", value:\"3971\");\n\n script_name(english:\"Debian DSA-3971-1 : tcpdump - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service or, potentially, execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/tcpdump\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3971\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the tcpdump packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 4.9.2-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.2-1~deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"tcpdump\", reference:\"4.9.2-1~deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"tcpdump\", reference:\"4.9.2-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:27:37", "description": "Wilfried Kirsch discovered a buffer 
overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2017-11543)\n\nBhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011)\n\nOtto Airamo and Antti Levomaki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997)\n\nOtto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomaki, Henri Salo, and Bhargava Shastry discovered out-of-bounds reads in multiple protocol parsers in tcpdump. A remote attacker could use these to cause a denial of service (application crash). 
(CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tcpdump vulnerabilities (USN-3415-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", 
"CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:tcpdump", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3415-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103218", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3415-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103218);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", 
\"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_xref(name:\"USN\", value:\"3415-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tcpdump vulnerabilities (USN-3415-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in\ntcpdump. A remote attacker could use this to cause a denial of service\n(application crash) or possibly execute arbitrary code.\n(CVE-2017-11543)\n\nBhargava Shastry discovered a buffer overflow in the bitfield\nconverter utility function bittok2str_internal() in tcpdump. A remote\nattacker could use this to cause a denial of service (application\ncrash) or possibly execute arbitrary code. (CVE-2017-13011)\n\nOtto Airamo and Antti Levomaki discovered logic errors in different\nprotocol parsers in tcpdump that could lead to an infinite loop. A\nremote attacker could use these to cause a denial of service\n(application hang). CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,\nCVE-2017-12997)\n\nOtto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,\nKatie Holly, Kim Gwan Yeong, Antti Levomaki, Henri Salo, and Bhargava\nShastry discovered out-of-bounds reads in muliptle protocol parsers in\ntcpdump. A remote attacker could use these to cause a denial of\nservice (application crash). 
(CVE-2017-11108, CVE-2017-11541,\nCVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,\nCVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,\nCVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,\nCVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,\nCVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,\nCVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,\nCVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,\nCVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,\nCVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,\nCVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,\nCVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,\nCVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,\nCVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,\nCVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,\nCVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,\nCVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,\nCVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,\nCVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,\nCVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,\nCVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,\nCVE-2017-13690, CVE-2017-13725).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3415-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"tcpdump\", pkgver:\"4.9.2-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"tcpdump\", pkgver:\"4.9.2-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"tcpdump\", pkgver:\"4.9.2-0ubuntu0.17.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:35:51", "description": "The remote host is affected by the vulnerability described in GLSA-201709-23 (Tcpdump: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tcpdump. 
Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-26T00:00:00", "type": "nessus", "title": "GLSA-201709-23 : Tcpdump: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-11544", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", 
"CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:tcpdump", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201709-23.NASL", "href": "https://www.tenable.com/plugins/nessus/103462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201709-23.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103462);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-11544\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", 
\"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_xref(name:\"GLSA\", value:\"201709-23\");\n\n script_name(english:\"GLSA-201709-23 : Tcpdump: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201709-23\n(Tcpdump: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Tcpdump. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201709-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Tcpdump users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/tcpdump-4.9.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/tcpdump\", unaffected:make_list(\"ge 4.9.2\"), vulnerable:make_list(\"lt 4.9.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:36:09", "description": "This update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed :\n\n - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. 
The crash occurred in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247).\n\n - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12900: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12901: Prevent buffer 
over-read in the EIGRP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n 
- CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility 
parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13044: Prevent buffer over-read in 
the HNCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247)\n\n - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2017:2854-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", 
"CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tcpdump", "p-cpe:/a:novell:suse_linux:tcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:tcpdump-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2854-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104208);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", 
\"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2017:2854-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump to version 4.9.2 fixes several issues. 
These\nsecurity issues were fixed :\n\n - CVE-2017-11108: Prevent remote attackers to cause DoS\n (heap-based buffer over-read and application crash) via\n crafted packet data. The crash occured in the\n EXTRACT_16BITS function, called from the stp_print\n function for the Spanning Tree Protocol (bsc#1047873,\n bsc#1057247).\n\n - CVE-2017-11543: Prevent buffer overflow in the\n sliplink_print function in print-sl.c that allowed\n remote DoS (bsc#1057247).\n\n - CVE-2017-13011: Prevent buffer overflow in\n bittok2str_internal() that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-12989: Prevent infinite loop in the RESP parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12990: Prevent infinite loop in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12995: Prevent infinite loop in the DNS parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12997: Prevent infinite loop in the LLDP parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-11541: Prevent heap-based buffer over-read in\n the lldp_print function in print-lldp.c, related to\n util-print.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-11542: Prevent heap-based buffer over-read in\n the pimv1_print function in print-pim.c that allowed\n remote DoS (bsc#1057247).\n\n - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12894: Prevent buffer over-read in several\n protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12895: Prevent buffer over-read in the ICMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12896: Prevent buffer over-read in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12898: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12899: Prevent buffer 
over-read in the DECnet\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12900: Prevent buffer over-read in the in\n several protocol parsers that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-12901: Prevent buffer over-read in the EIGRP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12902: Prevent buffer over-read in the Zephyr\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12985: Prevent buffer over-read in the IPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12986: Prevent buffer over-read in the IPv6\n routing header parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-12987: Prevent buffer over-read in the 802.11\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12988: Prevent buffer over-read in the telnet\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12991: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12992: Prevent buffer over-read in the RIPng\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12993: Prevent buffer over-read in the Juniper\n protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12994: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12996: Prevent buffer over-read in the PIMv2\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12998: Prevent buffer over-read in the IS-IS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12999: Prevent buffer over-read in the IS-IS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13000: Prevent buffer over-read in the IEEE\n 802.15.4 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13001: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13002: Prevent buffer over-read in the AODV\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13003: Prevent buffer over-read in the LMP\n 
parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13004: Prevent buffer over-read in the Juniper\n protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13005: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13006: Prevent buffer over-read in the L2TP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13007: Prevent buffer over-read in the Apple\n PKTAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13008: Prevent buffer over-read in the IEEE\n 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13009: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13010: Prevent buffer over-read in the BEEP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13012: Prevent buffer over-read in the ICMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13013: Prevent buffer over-read in the ARP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13014: Prevent buffer over-read in the White\n Board protocol parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-13015: Prevent buffer over-read in the EAP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13016: Prevent buffer over-read in the ISO\n ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13017: Prevent buffer over-read in the DHCPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13018: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13019: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13020: Prevent buffer over-read in the VTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13021: Prevent buffer over-read in the ICMPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13022: Prevent buffer over-read in the IP\n parser that allowed remote DoS 
(bsc#1057247)\n\n - CVE-2017-13023: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13024: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13025: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13026: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13027: Prevent buffer over-read in the LLDP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13028: Prevent buffer over-read in the BOOTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13029: Prevent buffer over-read in the PPP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13030: Prevent buffer over-read in the PIM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13031: Prevent buffer over-read in the IPv6\n fragmentation header parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-13032: Prevent buffer over-read in the RADIUS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13033: Prevent buffer over-read in the VTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13034: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13035: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13036: Prevent buffer over-read in the OSPFv3\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13037: Prevent buffer over-read in the IP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13038: Prevent buffer over-read in the PPP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13039: Prevent buffer over-read in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13040: Prevent buffer over-read in the MPTCP\n parser that allowed remote DoS (bsc#1057247)\n\n - 
CVE-2017-13041: Prevent buffer over-read in the ICMPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13042: Prevent buffer over-read in the HNCP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13043: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13044: Prevent buffer over-read in the HNCP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13045: Prevent buffer over-read in the VQP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13046: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13047: Prevent buffer over-read in the ISO\n ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13048: Prevent buffer over-read in the RSVP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13049: Prevent buffer over-read in the Rx\n protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13050: Prevent buffer over-read in the\n RPKI-Router parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13051: Prevent buffer over-read in the RSVP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13052: Prevent buffer over-read in the CFM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13053: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13054: Prevent buffer over-read in the LLDP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13055: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13687: Prevent buffer over-read in the Cisco\n HDLC parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13688: Prevent buffer over-read in the OLSR\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13689: Prevent buffer over-read in the IKEv1\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13690: Prevent buffer over-read in the IKEv2\n parser 
that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13725: Prevent buffer over-read in the IPv6\n routing header parser that allowed remote DoS\n (bsc#1057247)\n\n - Prevent segmentation fault in ESP decoder with OpenSSL\n 1.1 (bsc#1057247)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12893/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12894/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12895/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12898/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-13049/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13050/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13051/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13052/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13687/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13689/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13725/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172854-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe000485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1776=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1776=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t 
patch\nSUSE-SLE-SERVER-12-SP2-2017-1776=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1776=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1776=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tcpdump-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tcpdump-debuginfo-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tcpdump-debugsource-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tcpdump-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tcpdump-debuginfo-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tcpdump-debugsource-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tcpdump-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tcpdump-debuginfo-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tcpdump-debugsource-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tcpdump-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tcpdump-debuginfo-4.9.2-14.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tcpdump-debugsource-4.9.2-14.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:08:18", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected by multiple vulnerabilities:\n\n - Several protocol parsers in tcpdump before 4.9.2 could 
cause a buffer over-read in util-print.c:tok2strbuf().\n (CVE-2017-12900)\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.\n (CVE-2017-11108)\n\n - A vulnerability was discovered in tcpdump's handling of LINKTYPE_SLIP pcap files. An attacker could craft a malicious pcap file that would cause tcpdump to crash when attempting to print a summary of packet data within the file. (CVE-2017-11543, CVE-2017-11544)\n\n - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().\n (CVE-2017-12897)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().\n (CVE-2017-12896)\n\n - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (CVE-2017-13031)\n\n - The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().\n (CVE-2017-13032)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)\n\n - The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().\n (CVE-2017-13016, CVE-2017-13047)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().\n (CVE-2017-13027)\n\n - The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. 
(CVE-2017-13014)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().\n (CVE-2017-12998)\n\n - The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().\n (CVE-2017-13000)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().\n (CVE-2017-13035)\n\n - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().\n (CVE-2017-13036)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.\n (CVE-2017-13026)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().\n (CVE-2017-13029)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().\n (CVE-2017-13009)\n\n - The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().\n (CVE-2017-13007)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().\n (CVE-2017-13008, CVE-2017-12987)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. 
(CVE-2017-12993)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.\n (CVE-2017-13039)\n\n - The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.\n (CVE-2017-13040)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().\n (CVE-2017-13041)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().\n (CVE-2017-13043)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().\n (CVE-2017-13053)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().\n (CVE-2017-13054)\n\n - The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)\n\n - The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.\n (CVE-2017-13690)\n\n - The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().\n (CVE-2017-13725, CVE-2017-12986)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)\n\n - The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().\n (CVE-2017-13687)\n\n - The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). (CVE-2017-12989)\n\n - The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.\n (CVE-2017-12902)\n\n - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().\n (CVE-2017-12995)\n\n - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). 
(CVE-2017-12894)\n\n - The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). (CVE-2017-12997)\n\n - The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. (CVE-2017-12990)\n\n - A vulnerability was found in tcpdump's verbose printing of packet data. A crafted pcap file or specially crafted network traffic could cause tcpdump to write out of bounds in the BSS segment, potentially causing tcpdump to display truncated or incorrectly decoded fields or crash with a segmentation violation. This does not affect tcpdump when used with the -w option to save a pcap file. (CVE-2017-13011)\n\n - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). (CVE-2017-12893)\n\n - The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). (CVE-2017-12895, CVE-2017-13012)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().\n (CVE-2017-12898)\n\n - The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().\n (CVE-2017-12899)\n\n - The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().\n (CVE-2017-12901)\n\n - The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). (CVE-2017-12985)\n\n - The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().\n (CVE-2017-12988)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().\n (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)\n\n - The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().\n (CVE-2017-12992)\n\n - The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). 
(CVE-2017-12996)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().\n (CVE-2017-12999)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). (CVE-2017-13001)\n\n - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().\n (CVE-2017-13002)\n\n - The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().\n (CVE-2017-13005)\n\n - The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.\n (CVE-2017-13006)\n\n - The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().\n (CVE-2017-13010)\n\n - The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.\n (CVE-2017-13013)\n\n - The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). (CVE-2017-13015)\n\n - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().\n (CVE-2017-13017)\n\n - The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)\n\n - The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). (CVE-2017-13020, CVE-2017-13033)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().\n (CVE-2017-13021)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). 
(CVE-2017-13022)\n\n - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().\n (CVE-2017-13028)\n\n - The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.\n (CVE-2017-13030)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().\n (CVE-2017-13038)\n\n - The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().\n (CVE-2017-13042)\n\n - The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().\n (CVE-2017-13044)\n\n - The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)\n\n - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2017-13048, CVE-2017-13051)\n\n - The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().\n (CVE-2017-13049)\n\n - The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)\n\n - The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). (CVE-2017-13688)\n\n - The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().\n (CVE-2017-13689)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. (CVE-2017-11541)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
(CVE-2017-11542)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-11544", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", 
"CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0071_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/127275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0071. 
The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127275);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-11544\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n 
\"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected\nby multiple vulnerabilities:\n\n - Several protocol parsers in tcpdump before 4.9.2 could\n cause a buffer over-read in util-print.c:tok2strbuf().\n (CVE-2017-12900)\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via crafted packet data. The crash occurs in the\n EXTRACT_16BITS function, called from the stp_print\n function for the Spanning Tree Protocol.\n (CVE-2017-11108)\n\n - A vulnerability was discovered in tcpdump's handling of\n LINKTYPE_SLIP pcap files. An attacker could craft a\n malicious pcap file that would cause tcpdump to crash\n when attempting to print a summary of packet data within\n the file. (CVE-2017-11543, CVE-2017-11544)\n\n - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isoclns.c:isoclns_print().\n (CVE-2017-12897)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isakmp.c:isakmp_rfc3948_print().\n (CVE-2017-12896)\n\n - The IPv6 fragmentation header parser in tcpdump before\n 4.9.2 has a buffer over-read in print-\n frag6.c:frag6_print(). 
(CVE-2017-13031)\n\n - The RADIUS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-radius.c:print_attr_string().\n (CVE-2017-13032)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a\n buffer over-read in print-\n mobility.c:mobility_opt_print(). (CVE-2017-13023,\n CVE-2017-13024, CVE-2017-13025)\n\n - The ISO ES-IS parser in tcpdump before 4.9.2 has a\n buffer over-read in print-isoclns.c:esis_print().\n (CVE-2017-13016, CVE-2017-13047)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().\n (CVE-2017-13027)\n\n - The White Board protocol parser in tcpdump before 4.9.2\n has a buffer over-read in print-wb.c:wb_prep(), several\n functions. (CVE-2017-13014)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isoclns.c:isis_print_extd_ip_reach().\n (CVE-2017-12998)\n\n - The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a\n buffer over-read in\n print-802_15_4.c:ieee802_15_4_if_print().\n (CVE-2017-13000)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a\n buffer over-read in print-isoclns.c:isis_print_id().\n (CVE-2017-13035)\n\n - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-ospf6.c:ospf6_decode_v3().\n (CVE-2017-13036)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a\n buffer over-read in print-isoclns.c, several functions.\n (CVE-2017-13026)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has\n a buffer over-read in print-\n juniper.c:juniper_parse_header(). 
(CVE-2017-13004)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-ppp.c:print_ccp_config_options().\n (CVE-2017-13029)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a\n buffer over-read in print-mobility.c:mobility_print().\n (CVE-2017-13009)\n\n - The Apple PKTAP parser in tcpdump before 4.9.2 has a\n buffer over-read in print-pktap.c:pktap_if_print().\n (CVE-2017-13007)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.2 has a\n buffer over-read in print-802_11.c:parse_elements().\n (CVE-2017-13008, CVE-2017-12987)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has\n a buffer over-read in print-juniper.c, several\n functions. (CVE-2017-12993)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isakmp.c, several functions.\n (CVE-2017-13039)\n\n - The MPTCP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-mptcp.c, several functions.\n (CVE-2017-13040)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-icmp6.c:icmp6_nodeinfo_print().\n (CVE-2017-13041)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-bgp.c:decode_multicast_vpn().\n (CVE-2017-13043)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-bgp.c:decode_rt_routing_info().\n (CVE-2017-13053)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-lldp.c:lldp_private_8023_print().\n (CVE-2017-13054)\n\n - The RPKI-Router parser in tcpdump before 4.9.2 has a\n buffer over-read in print-rpki-\n rtr.c:rpki_rtr_pdu_print(). 
(CVE-2017-13050)\n\n - The IKEv2 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isakmp.c, several functions.\n (CVE-2017-13690)\n\n - The IPv6 routing header parser in tcpdump before 4.9.2\n has a buffer over-read in print-rt6.c:rt6_print().\n (CVE-2017-13725, CVE-2017-12986)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a\n buffer over-read in print-\n isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)\n\n - The Cisco HDLC parser in tcpdump before 4.9.2 has a\n buffer over-read in print-chdlc.c:chdlc_print().\n (CVE-2017-13687)\n\n - The RESP parser in tcpdump before 4.9.2 could enter an\n infinite loop due to a bug in print-\n resp.c:resp_get_length(). (CVE-2017-12989)\n\n - The Zephyr parser in tcpdump before 4.9.2 has a buffer\n over-read in print-zephyr.c, several functions.\n (CVE-2017-12902)\n\n - The DNS parser in tcpdump before 4.9.2 could enter an\n infinite loop due to a bug in print-domain.c:ns_print().\n (CVE-2017-12995)\n\n - Several protocol parsers in tcpdump before 4.9.2 could\n cause a buffer over-read in\n addrtoname.c:lookup_bytestring(). (CVE-2017-12894)\n\n - The LLDP parser in tcpdump before 4.9.2 could enter an\n infinite loop due to a bug in print-\n lldp.c:lldp_private_8021_print(). (CVE-2017-12997)\n\n - The ISAKMP parser in tcpdump before 4.9.2 could enter an\n infinite loop due to bugs in print-isakmp.c, several\n functions. (CVE-2017-12990)\n\n - A vulnerability was found in tcpdump's verbose printing\n of packet data. A crafted pcap file or specially crafted\n network traffic could cause tcpdump to write out of\n bounds in the BSS segment, potentially causing tcpdump\n to display truncated or incorrectly decoded fields or\n crash with a segmentation violation. This does not\n affect tcpdump when used with the -w option to save a\n pcap file. (CVE-2017-13011)\n\n - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer\n over-read in smbutil.c:name_len(). 
(CVE-2017-12893)\n\n - The ICMP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-icmp.c:icmp_print(). (CVE-2017-12895,\n CVE-2017-13012)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-nfs.c:interp_reply().\n (CVE-2017-12898)\n\n - The DECnet parser in tcpdump before 4.9.2 has a buffer\n over-read in print-decnet.c:decnet_print().\n (CVE-2017-12899)\n\n - The EIGRP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-eigrp.c:eigrp_print().\n (CVE-2017-12901)\n\n - The IPv6 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-ip6.c:ip6_print(). (CVE-2017-12985)\n\n - The telnet parser in tcpdump before 4.9.2 has a buffer\n over-read in print-telnet.c:telnet_parse().\n (CVE-2017-12988)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-bgp.c:bgp_attr_print().\n (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)\n\n - The RIPng parser in tcpdump before 4.9.2 has a buffer\n over-read in print-ripng.c:ripng_print().\n (CVE-2017-12992)\n\n - The PIMv2 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-pim.c:pimv2_print(). (CVE-2017-12996)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isoclns.c:isis_print().\n (CVE-2017-12999)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-nfs.c:nfs_printfh(). (CVE-2017-13001)\n\n - The AODV parser in tcpdump before 4.9.2 has a buffer\n over-read in print-aodv.c:aodv_extension().\n (CVE-2017-13002)\n\n - The LMP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-lmp.c:lmp_print(). 
(CVE-2017-13003)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer\n over-read in print-nfs.c:xid_map_enter().\n (CVE-2017-13005)\n\n - The L2TP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-l2tp.c, several functions.\n (CVE-2017-13006)\n\n - The BEEP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-beep.c:l_strnstart().\n (CVE-2017-13010)\n\n - The ARP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-arp.c, several functions.\n (CVE-2017-13013)\n\n - The EAP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-eap.c:eap_print(). (CVE-2017-13015)\n\n - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-dhcp6.c:dhcp6opt_print().\n (CVE-2017-13017)\n\n - The PGM parser in tcpdump before 4.9.2 has a buffer\n over-read in print-pgm.c:pgm_print(). (CVE-2017-13018,\n CVE-2017-13019, CVE-2017-13034)\n\n - The VTP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-vtp.c:vtp_print(). (CVE-2017-13020,\n CVE-2017-13033)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-icmp6.c:icmp6_print().\n (CVE-2017-13021)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-\n read in print-ip.c:ip_printroute(). (CVE-2017-13022)\n\n - The BOOTP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-bootp.c:bootp_print().\n (CVE-2017-13028)\n\n - The PIM parser in tcpdump before 4.9.2 has a buffer\n over-read in print-pim.c, several functions.\n (CVE-2017-13030)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-\n read in print-ip.c:ip_printts(). 
(CVE-2017-13037)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-ppp.c:handle_mlppp().\n (CVE-2017-13038)\n\n - The HNCP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-hncp.c:dhcpv6_print().\n (CVE-2017-13042)\n\n - The HNCP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-hncp.c:dhcpv4_print().\n (CVE-2017-13044)\n\n - The VQP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)\n\n - The RSVP parser in tcpdump before 4.9.2 has a buffer\n over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2017-13048, CVE-2017-13051)\n\n - The Rx protocol parser in tcpdump before 4.9.2 has a\n buffer over-read in print-rx.c:ubik_print().\n (CVE-2017-13049)\n\n - The CFM parser in tcpdump before 4.9.2 has a buffer\n over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)\n\n - The OLSR parser in tcpdump before 4.9.2 has a buffer\n over-read in print-olsr.c:olsr_print(). (CVE-2017-13688)\n\n - The IKEv1 parser in tcpdump before 4.9.2 has a buffer\n over-read in print-isakmp.c:ikev1_id_print().\n (CVE-2017-13689)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n lldp_print function in print-lldp.c, related to util-\n print.c. (CVE-2017-11541)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n pimv1_print function in print-pim.c. (CVE-2017-11542)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0071\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL tcpdump packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-13725\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"tcpdump-4.9.2-3.el7\",\n \"tcpdump-debuginfo-4.9.2-3.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"tcpdump-4.9.2-3.el7\",\n \"tcpdump-debuginfo-4.9.2-3.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:36:28", "description": "This update for tcpdump to version 4.9.2 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. 
The crash occurred in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247).\n\n - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12900: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12901: Prevent buffer 
over-read in the EIGRP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247)\n\n 
- CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility 
parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13044: Prevent buffer over-read in 
the HNCP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247)\n\n - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : tcpdump (openSUSE-2017-1205)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", 
"CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:tcpdump", "p-cpe:/a:novell:opensuse:tcpdump-debuginfo", "p-cpe:/a:novell:opensuse:tcpdump-debugsource", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1205.NASL", "href": "https://www.tenable.com/plugins/nessus/104239", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1205.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104239);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", 
\"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"openSUSE Security Update : tcpdump (openSUSE-2017-1205)\");\n script_summary(english:\"Check for the openSUSE-2017-1205 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump to version 4.9.2 fixes several issues.\n\nThese security issues were fixed :\n\n - CVE-2017-11108: Prevent remote attackers to cause DoS\n (heap-based buffer over-read and application crash) via\n crafted packet data. 
The crash occurred in the\n EXTRACT_16BITS function, called from the stp_print\n function for the Spanning Tree Protocol (bsc#1047873,\n bsc#1057247).\n\n - CVE-2017-11543: Prevent buffer overflow in the\n sliplink_print function in print-sl.c that allowed\n remote DoS (bsc#1057247).\n\n - CVE-2017-13011: Prevent buffer overflow in\n bittok2str_internal() that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-12989: Prevent infinite loop in the RESP parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12990: Prevent infinite loop in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12995: Prevent infinite loop in the DNS parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12997: Prevent infinite loop in the LLDP parser\n that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-11541: Prevent heap-based buffer over-read in\n the lldp_print function in print-lldp.c, related to\n util-print.c that allowed remote DoS (bsc#1057247).\n\n - CVE-2017-11542: Prevent heap-based buffer over-read in\n the pimv1_print function in print-pim.c that allowed\n remote DoS (bsc#1057247).\n\n - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12894: Prevent buffer over-read in several\n protocol parsers that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12895: Prevent buffer over-read in the ICMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12896: Prevent buffer over-read in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12898: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12899: Prevent buffer over-read in the DECnet\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12900: Prevent buffer over-read in\n several protocol parsers that allowed remote DoS\n 
(bsc#1057247)\n\n - CVE-2017-12901: Prevent buffer over-read in the EIGRP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12902: Prevent buffer over-read in the Zephyr\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12985: Prevent buffer over-read in the IPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12986: Prevent buffer over-read in the IPv6\n routing header parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-12987: Prevent buffer over-read in the 802.11\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12988: Prevent buffer over-read in the telnet\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12991: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12992: Prevent buffer over-read in the RIPng\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12993: Prevent buffer over-read in the Juniper\n protocols parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12994: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12996: Prevent buffer over-read in the PIMv2\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12998: Prevent buffer over-read in the IS-IS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-12999: Prevent buffer over-read in the IS-IS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13000: Prevent buffer over-read in the IEEE\n 802.15.4 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13001: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13002: Prevent buffer over-read in the AODV\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13003: Prevent buffer over-read in the LMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13004: Prevent buffer over-read in the Juniper\n protocols parser that allowed remote DoS (bsc#1057247)\n\n - 
CVE-2017-13005: Prevent buffer over-read in the NFS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13006: Prevent buffer over-read in the L2TP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13007: Prevent buffer over-read in the Apple\n PKTAP parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13008: Prevent buffer over-read in the IEEE\n 802.11 parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13009: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13010: Prevent buffer over-read in the BEEP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13012: Prevent buffer over-read in the ICMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13013: Prevent buffer over-read in the ARP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13014: Prevent buffer over-read in the White\n Board protocol parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-13015: Prevent buffer over-read in the EAP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13016: Prevent buffer over-read in the ISO\n ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13017: Prevent buffer over-read in the DHCPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13018: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13019: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13020: Prevent buffer over-read in the VTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13021: Prevent buffer over-read in the ICMPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13022: Prevent buffer over-read in the IP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13023: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13024: Prevent buffer over-read 
in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13025: Prevent buffer over-read in the IPv6\n mobility parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13026: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13027: Prevent buffer over-read in the LLDP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13028: Prevent buffer over-read in the BOOTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13029: Prevent buffer over-read in the PPP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13030: Prevent buffer over-read in the PIM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13031: Prevent buffer over-read in the IPv6\n fragmentation header parser that allowed remote DoS\n (bsc#1057247)\n\n - CVE-2017-13032: Prevent buffer over-read in the RADIUS\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13033: Prevent buffer over-read in the VTP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13034: Prevent buffer over-read in the PGM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13035: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13036: Prevent buffer over-read in the OSPFv3\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13037: Prevent buffer over-read in the IP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13038: Prevent buffer over-read in the PPP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13039: Prevent buffer over-read in the ISAKMP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13040: Prevent buffer over-read in the MPTCP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13041: Prevent buffer over-read in the ICMPv6\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13042: Prevent buffer over-read in the HNCP\n parser that allowed 
remote DoS (bsc#1057247)\n\n - CVE-2017-13043: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13044: Prevent buffer over-read in the HNCP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13045: Prevent buffer over-read in the VQP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13046: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13047: Prevent buffer over-read in the ISO\n ES-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13048: Prevent buffer over-read in the RSVP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13049: Prevent buffer over-read in the Rx\n protocol parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13050: Prevent buffer over-read in the\n RPKI-Router parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13051: Prevent buffer over-read in the RSVP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13052: Prevent buffer over-read in the CFM\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13053: Prevent buffer over-read in the BGP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13054: Prevent buffer over-read in the LLDP\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13055: Prevent buffer over-read in the ISO\n IS-IS parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13687: Prevent buffer over-read in the Cisco\n HDLC parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13688: Prevent buffer over-read in the OLSR\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13689: Prevent buffer over-read in the IKEv1\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13690: Prevent buffer over-read in the IKEv2\n parser that allowed remote DoS (bsc#1057247)\n\n - CVE-2017-13725: Prevent buffer over-read in the IPv6\n routing header parser that allowed remote DoS\n (bsc#1057247)\n\n - Prevent 
segmentation fault in ESP decoder with OpenSSL\n 1.1 (bsc#1057247)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057247\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tcpdump packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ 
\"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tcpdump-4.9.2-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tcpdump-debuginfo-4.9.2-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tcpdump-debugsource-4.9.2-6.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tcpdump-4.9.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tcpdump-debuginfo-4.9.2-9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tcpdump-debugsource-4.9.2-9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump / tcpdump-debuginfo / tcpdump-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:35:50", "description": "tcpdump developers report :\n\nToo many issues to detail, see CVE references for details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-27T00:00:00", "type": "nessus", "title": "FreeBSD : tcpdump 
-- multiple vulnerabilities (eb03d642-6724-472d-b038-f2bf074e1fc8)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", 
"CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:tcpdump", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_EB03D6426724472DB038F2BF074E1FC8.NASL", "href": "https://www.tenable.com/plugins/nessus/103484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100469);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 7.1 TL 4 : tcpdump (IV94726)\");\n script_summary(english:\"Check for APAR IV94726\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISAKMP component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the lookup_bytestring component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the SMB/CIFS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump is vulnerable to a denial of\nservice, caused by a heap-based buffer over-read in the pimv1_print\nfunction in print-pim.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by a heap-based buffer over-read in the lldp_print\nfunction in print-lldp.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by an error in the LLDP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe DNS component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. 
tcpdump is vulnerable to a denial of\nservice, caused by an error in the ISAKMP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe RESP component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. tcpdump is vulnerable to a buffer\noverflow, caused by improper bounds checking by the\nbittok2str_internal component. By sending an overly long string\nargument, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer\noverflow in the sliplink_print function in print-sl.c. An attacker\ncould exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the DHCPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO ES-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump is vulnerable to a denial of service, caused by a\nbuffer overflow in the sliplink_print function in print-sl.c. An\nattacker could exploit this vulnerability to cause the application to\ncrash. 
tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the White Board component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ARP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ICMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BEEP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\nmobility component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IEEE 802.11\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the L2TP component. 
By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the NFS component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nJuniper component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the LMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the AODV component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the NFS\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the IEEE 802.15.4 component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO IS-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the PIMv2\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BGP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\nlldp_print function in print-lldp.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\npimv1_print function in print-pim.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the HNCP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the ICMPv6 component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the MPTCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nISAKMP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PPP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nOSPFv3 component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ISO IS-IS component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PGM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the VTP\ncomponent. 
By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RADIUS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 fragmentation header component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PIM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the PPP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BOOTP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the LLDP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the ISO\nIS-IS component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the IPv6 mobility component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 mobility component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 mobility component. By sending a specially crafted request,\nan attacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ICMPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe VTP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 routing headers component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IKEv2 component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IKEv1\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the OLSR component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the Cisco HDLC component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the CFM\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RPKI-Router component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe Rx component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO ES-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe BGP component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the VQP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the HNCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"03\", patch:\"IV94726m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"04\", patch:\"IV94726m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"05\", patch:\"IV94726m5a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.32\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T15:24:48", "description": "Vulnerabilities in tcpdump affect AIX :\n\nhttps://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RIPng component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the telnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Zephyr component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EIGRP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the tok2strbuf component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DECnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO CLNS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the DNS component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. 
An attacker could exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the L2TP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the AODV component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OSPFv3 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : tcpdump (IV94728)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV94728.NASL", "href": "https://www.tenable.com/plugins/nessus/100471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100471);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 6.1 TL 9 : tcpdump (IV94728)\");\n script_summary(english:\"Check for APAR IV94728\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISAKMP component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the lookup_bytestring component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the SMB/CIFS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump is vulnerable to a denial of\nservice, caused by a heap-based buffer over-read in the pimv1_print\nfunction in print-pim.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by a heap-based buffer over-read in the lldp_print\nfunction in print-lldp.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by an error in the LLDP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe DNS component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. 
tcpdump is vulnerable to a denial of\nservice, caused by an error in the ISAKMP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe RESP component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. tcpdump is vulnerable to a buffer\noverflow, caused by improper bounds checking by the\nbittok2str_internal component. By sending an overly long string\nargument, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer\noverflow in the sliplink_print function in print-sl.c. An attacker\ncould exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the DHCPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO ES-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump is vulnerable to a denial of service, caused by a\nbuffer overflow in the sliplink_print function in print-sl.c. An\nattacker could exploit this vulnerability to cause the application to\ncrash. 
tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the White Board component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ARP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ICMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BEEP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\nmobility component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IEEE 802.11\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the L2TP component. 
By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the NFS component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nJuniper component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the LMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the AODV component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the NFS\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the IEEE 802.15.4 component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO IS-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the PIMv2\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BGP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\nlldp_print function in print-lldp.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\npimv1_print function in print-pim.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the HNCP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the ICMPv6 component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the MPTCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nISAKMP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PPP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nOSPFv3 component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ISO IS-IS component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PGM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the VTP\ncomponent. 
By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RADIUS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 fragmentation header component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PIM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the PPP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BOOTP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the LLDP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the ISO\nIS-IS component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the IPv6 mobility component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 mobility component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 mobility component. By sending a specially crafted request,\nan attacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ICMPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe VTP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 routing headers component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IKEv2 component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IKEv1\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the OLSR component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the Cisco HDLC component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the CFM\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RPKI-Router component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe Rx component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO ES-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe BGP component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the VQP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the HNCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"08\", patch:\"IV94728mAa\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"09\", patch:\"IV94728mAa\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"10\", patch:\"IV94728mAa\", package:\"bos.net.tcp.server\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:32:42", "description": "Vulnerabilities in tcpdump affect AIX :\n\nhttps://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RIPng component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the telnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Zephyr component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EIGRP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the tok2strbuf component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DECnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO CLNS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the DNS component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. 
An attacker could exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the L2TP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the AODV component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OSPFv3 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 3 : tcpdump (IV94727)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV94727.NASL", "href": "https://www.tenable.com/plugins/nessus/100470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100470);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 7.1 TL 3 : tcpdump (IV94727)\");\n script_summary(english:\"Check for APAR IV94727\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISAKMP component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the lookup_bytestring component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the SMB/CIFS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump is vulnerable to a denial of\nservice, caused by a heap-based buffer over-read in the pimv1_print\nfunction in print-pim.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by a heap-based buffer over-read in the lldp_print\nfunction in print-lldp.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by an error in the LLDP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe DNS component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. 
tcpdump is vulnerable to a denial of\nservice, caused by an error in the ISAKMP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe RESP component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. tcpdump is vulnerable to a buffer\noverflow, caused by improper bounds checking by the\nbittok2str_internal component. By sending an overly long string\nargument, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer\noverflow in the sliplink_print function in print-sl.c. An attacker\ncould exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the DHCPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO ES-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump is vulnerable to a denial of service, caused by a\nbuffer overflow in the sliplink_print function in print-sl.c. An\nattacker could exploit this vulnerability to cause the application to\ncrash. 
tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the White Board component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ARP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ICMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BEEP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\nmobility component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IEEE 802.11\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the L2TP component. 
By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the NFS component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nJuniper component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the LMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the AODV component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the NFS\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the IEEE 802.15.4 component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO IS-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the PIMv2\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BGP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\nlldp_print function in print-lldp.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\npimv1_print function in print-pim.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the HNCP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the ICMPv6 component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the MPTCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nISAKMP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PPP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nOSPFv3 component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ISO IS-IS component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PGM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the VTP\ncomponent. 
By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RADIUS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 fragmentation header component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PIM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the PPP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BOOTP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the LLDP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the ISO\nIS-IS component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the IPv6 mobility component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 mobility component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 mobility component. By sending a specially crafted request,\nan attacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ICMPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe VTP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 routing headers component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IKEv2 component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IKEv1\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the OLSR component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the Cisco HDLC component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the CFM\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RPKI-Router component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe Rx component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO ES-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe BGP component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the VQP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the HNCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"07\", patch:\"IV94727m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.49\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"08\", patch:\"IV94727m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.49\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"09\", patch:\"IV94727m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.49\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:32:12", "description": "Vulnerabilities in tcpdump affect AIX :\n\nhttps://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RIPng component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the telnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Zephyr component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EIGRP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the tok2strbuf component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DECnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO CLNS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the DNS component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. 
An attacker could exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the L2TP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the AODV component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OSPFv3 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 0 : tcpdump (IV94724)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IV94724.NASL", "href": "https://www.tenable.com/plugins/nessus/100468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100468);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 7.2 TL 0 : tcpdump (IV94724)\");\n script_summary(english:\"Check for APAR IV94724\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISAKMP component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the lookup_bytestring component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the SMB/CIFS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump is vulnerable to a denial of\nservice, caused by a heap-based buffer over-read in the pimv1_print\nfunction in print-pim.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by a heap-based buffer over-read in the lldp_print\nfunction in print-lldp.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by an error in the LLDP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe DNS component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. 
tcpdump is vulnerable to a denial of\nservice, caused by an error in the ISAKMP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe RESP component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. tcpdump is vulnerable to a buffer\noverflow, caused by improper bounds checking by the\nbittok2str_internal component. By sending an overly long string\nargument, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer\noverflow in the sliplink_print function in print-sl.c. An attacker\ncould exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the DHCPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO ES-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump is vulnerable to a denial of service, caused by a\nbuffer overflow in the sliplink_print function in print-sl.c. An\nattacker could exploit this vulnerability to cause the application to\ncrash. 
tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the White Board component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ARP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ICMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BEEP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\nmobility component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IEEE 802.11\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the L2TP component. 
By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the NFS component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nJuniper component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the LMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the AODV component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the NFS\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the IEEE 802.15.4 component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO IS-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the PIMv2\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BGP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\nlldp_print function in print-lldp.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\npimv1_print function in print-pim.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the HNCP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the ICMPv6 component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the MPTCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nISAKMP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PPP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nOSPFv3 component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ISO IS-IS component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PGM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the VTP\ncomponent. 
By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RADIUS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 fragmentation header component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PIM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the PPP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BOOTP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the LLDP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the ISO\nIS-IS component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the IPv6 mobility component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 mobility component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 mobility component. By sending a specially crafted request,\nan attacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ICMPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe VTP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 routing headers component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IKEv2 component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IKEv1\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the OLSR component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the Cisco HDLC component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the CFM\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RPKI-Router component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe Rx component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO ES-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe BGP component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the VQP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the HNCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"03\", patch:\"IV94724m5a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.3\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"04\", patch:\"IV94724m5a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.3\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"05\", patch:\"IV94724m5a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.3\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:32:00", "description": "Vulnerabilities in tcpdump affect AIX :\n\nhttps://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RIPng component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the telnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Zephyr component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EIGRP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the tok2strbuf component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DECnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO CLNS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the DNS component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. 
An attacker could exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the L2TP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the AODV component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OSPFv3 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 1 : tcpdump (IV94723)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IV94723.NASL", "href": "https://www.tenable.com/plugins/nessus/100467", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100467);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 7.2 TL 1 : tcpdump (IV94723)\");\n script_summary(english:\"Check for APAR IV94723\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the DNS component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a buffer overflow in the sliplink_print function in print-sl.c. An attacker could exploit this vulnerability to cause the application to crash. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the L2TP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the AODV component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the lldp_print function in print-lldp.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump is vulnerable to a denial of service, caused by a heap-based buffer over-read in the pimv1_print function in print-pim.c. An attacker could exploit this vulnerability to cause the application to crash. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OSPFv3 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"01\", patch:\"IV94723m3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"02\", patch:\"IV94723m3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"03\", patch:\"IV94723m3a\", package:\"bos.net.tcp.tcpdump\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:32:11", "description": "Vulnerabilities in tcpdump affect AIX :\n\nhttps://vulners.com/cve/CVE-2017-12993 https://vulners.com/cve/CVE-2017-12993 tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. 
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. 
tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information. tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : tcpdump (IV94729)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV94729.NASL", "href": "https://www.tenable.com/plugins/nessus/100472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory 
tcpdump_advisory3.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100472);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", 
\"CVE-2017-13690\", \"CVE-2017-13725\");\n\n script_name(english:\"AIX 5.3 TL 12 : tcpdump (IV94729)\");\n script_summary(english:\"Check for APAR IV94729\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities in tcpdump affect AIX :\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993 tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Juniper component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RIPng component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the BGP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the telnet component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IEEE 802.11 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 routing headers component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the Zephyr component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the EIGRP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\ntok2strbuf component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the DECnet\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the NFS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO CLNS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISAKMP component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the ICMP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the lookup_bytestring component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the SMB/CIFS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump is vulnerable to a denial of\nservice, caused by a heap-based buffer over-read in the pimv1_print\nfunction in print-pim.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by a heap-based buffer over-read in the lldp_print\nfunction in print-lldp.c. An attacker could exploit this vulnerability\nto cause the application to crash. tcpdump is vulnerable to a denial\nof service, caused by an error in the LLDP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe DNS component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. 
tcpdump is vulnerable to a denial of\nservice, caused by an error in the ISAKMP component. By sending\nspecially crafted data, a remote attacker could exploit this\nvulnerability to cause the application to enter into an infinite loop.\ntcpdump is vulnerable to a denial of service, caused by an error in\nthe RESP component. By sending specially crafted data, a remote\nattacker could exploit this vulnerability to cause the application to\nenter into an infinite loop. tcpdump is vulnerable to a buffer\noverflow, caused by improper bounds checking by the\nbittok2str_internal component. By sending an overly long string\nargument, a remote attacker could overflow a buffer and execute\narbitrary code on the system or cause the application to crash.\ntcpdump is vulnerable to a denial of service, caused by a buffer\noverflow in the sliplink_print function in print-sl.c. An attacker\ncould exploit this vulnerability to cause the application to crash.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the DHCPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO ES-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump is vulnerable to a denial of service, caused by a\nbuffer overflow in the sliplink_print function in print-sl.c. An\nattacker could exploit this vulnerability to cause the application to\ncrash. 
tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the EAP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the White Board component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ARP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ICMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BEEP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IPv6\nmobility component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IEEE 802.11\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the L2TP component. 
By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the NFS component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nJuniper component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the LMP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the AODV component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the NFS\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the IEEE 802.15.4 component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO IS-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. 
tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the PIMv2\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BGP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\nlldp_print function in print-lldp.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump is vulnerable\nto a denial of service, caused by a heap-based buffer over-read in the\npimv1_print function in print-pim.c. An attacker could exploit this\nvulnerability to cause the application to crash. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the HNCP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the ICMPv6 component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the MPTCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nISAKMP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PPP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the\nOSPFv3 component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the ISO IS-IS component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PGM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the VTP\ncomponent. 
By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RADIUS component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 fragmentation header component. By sending\na specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the PIM component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the PPP\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the BOOTP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the LLDP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the ISO\nIS-IS component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the IPv6 mobility component. By\nsending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 mobility component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe IPv6 mobility component. By sending a specially crafted request,\nan attacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the IP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ICMPv6 component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe VTP component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the PGM component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. 
tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IPv6 routing headers component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the IKEv2 component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the IKEv1\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the OLSR component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the Cisco HDLC component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe ISO IS-IS component. By sending a specially crafted request, an\nattacker could exploit this vulnerability to obtain sensitive\ninformation. tcpdump could allow a remote attacker to obtain sensitive\ninformation, caused by a buffer overread memory in the LLDP component.\nBy sending a specially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the BGP component. 
By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information. tcpdump could allow a remote attacker to obtain\nsensitive information, caused by a buffer overread memory in the CFM\ncomponent. By sending a specially crafted request, an attacker could\nexploit this vulnerability to obtain sensitive information. tcpdump\ncould allow a remote attacker to obtain sensitive information, caused\nby a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the RPKI-Router component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe Rx component. By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the RSVP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the ISO ES-IS component. By sending a specially\ncrafted request, an attacker could exploit this vulnerability to\nobtain sensitive information. tcpdump could allow a remote attacker to\nobtain sensitive information, caused by a buffer overread memory in\nthe BGP component. 
By sending a specially crafted request, an attacker\ncould exploit this vulnerability to obtain sensitive information.\ntcpdump could allow a remote attacker to obtain sensitive information,\ncaused by a buffer overread memory in the VQP component. By sending a\nspecially crafted request, an attacker could exploit this\nvulnerability to obtain sensitive information. tcpdump could allow a\nremote attacker to obtain sensitive information, caused by a buffer\noverread memory in the HNCP component. By sending a specially crafted\nrequest, an attacker could exploit this vulnerability to obtain\nsensitive information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory3.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV94729m9a\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.6\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:19:51", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", 
"CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13786", "CVE-2017-13799", "CVE-2017-13800", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13852"], "modified": "2019-04-10T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "700512.PRM", "href": "https://www.tenable.com/plugins/nnm/700512", "sourceData": "Binary data 700512.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:53", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", 
"CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13786", "CVE-2017-13799", "CVE-2017-13800", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13808", "CVE-2017-13811", "CVE-2017-13852", "CVE-2017-13907", "CVE-2017-7170", "CVE-2018-4390", "CVE-2018-4391"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_13_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104378);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n 
\"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13786\",\n \"CVE-2017-13799\",\n \"CVE-2017-13800\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13808\",\n \"CVE-2017-13811\",\n \"CVE-2017-13852\",\n \"CVE-2017-13907\",\n 
\"CVE-2017-7170\",\n \"CVE-2018-4390\",\n \"CVE-2018-4391\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101274,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS 10.13.x < 10.13.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.1. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7170\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.1\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.1', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:48:59", "description": "An update of the tcpdump package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Tcpdump PHSA-2017-0034", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12995", "CVE-2017-12997"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0034_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/121732", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0034. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121732);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12995\",\n \"CVE-2017-12997\"\n );\n\n script_name(english:\"Photon OS 1.0: Tcpdump PHSA-2017-0034\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-70.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.2-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:07", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14191-1 advisory.\n\n - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().\n (CVE-2017-12893)\n\n - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().\n (CVE-2017-12896)\n\n - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().\n (CVE-2017-12897)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().\n (CVE-2017-12898)\n\n - The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().\n (CVE-2017-12899)\n\n - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). 
(CVE-2017-12900)\n\n - The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().\n (CVE-2017-12901)\n\n - The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.\n (CVE-2017-12902)\n\n - The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().\n (CVE-2017-12985)\n\n - The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().\n (CVE-2017-12986, CVE-2017-13725)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().\n (CVE-2017-12987, CVE-2017-13008)\n\n - The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().\n (CVE-2017-12988)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().\n (CVE-2017-12991)\n\n - The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().\n (CVE-2017-12992)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)\n\n - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). (CVE-2017-12995)\n\n - The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().\n (CVE-2017-12996)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). 
(CVE-2017-12998)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().\n (CVE-2017-12999)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().\n (CVE-2017-13001)\n\n - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().\n (CVE-2017-13002)\n\n - The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().\n (CVE-2017-13005)\n\n - The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.\n (CVE-2017-13006)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). (CVE-2017-13009)\n\n - The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().\n (CVE-2017-13010)\n\n - The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2017-13012)\n\n - The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.\n (CVE-2017-13013)\n\n - The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)\n\n - The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().\n (CVE-2017-13016, CVE-2017-13047)\n\n - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().\n (CVE-2017-13017)\n\n - The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 
(CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().\n (CVE-2017-13021)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().\n (CVE-2017-13022)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print- mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().\n (CVE-2017-13027)\n\n - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().\n (CVE-2017-13028)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().\n (CVE-2017-13029)\n\n - The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.\n (CVE-2017-13030)\n\n - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print- frag6.c:frag6_print(). (CVE-2017-13031)\n\n - The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().\n (CVE-2017-13032)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().\n (CVE-2017-13035)\n\n - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().\n (CVE-2017-13036)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). 
(CVE-2017-13037)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().\n (CVE-2017-13038)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().\n (CVE-2017-13041)\n\n - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2017-13048, CVE-2017-13051)\n\n - The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().\n (CVE-2017-13049)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().\n (CVE-2017-13053)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print- isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)\n\n - The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().\n (CVE-2017-13687)\n\n - The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().\n (CVE-2017-13688)\n\n - The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().\n (CVE-2017-13689)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print- lmp.c:lmp_print_data_link_subobjs(). 
(CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-16301)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. 
(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", 
"CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13041", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13051", "CVE-2017-13053", "CVE-2017-13055", "CVE-2017-13687", "CVE-2017-13688", "CVE-2017-13689", "CVE-2017-13725", "CVE-2018-10103", "CVE-2018-10105", "CVE-2018-14461", "CVE-2018-14462", "CVE-2018-14463", "CVE-2018-14464", "CVE-2018-14465", "CVE-2018-14466", "CVE-2018-14467", "CVE-2018-14468", "CVE-2018-14469", "CVE-2018-14881", "CVE-2018-14882", "CVE-2018-16229", "CVE-2018-16230", "CVE-2018-16300", "CVE-2018-16301", "CVE-2018-16451", "CVE-2018-16452", "CVE-2019-15166"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tcpdump", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14191-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150563", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2019:14191-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150563);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13041\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13051\",\n \"CVE-2017-13053\",\n \"CVE-2017-13055\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13725\",\n \"CVE-2018-10103\",\n \"CVE-2018-10105\",\n \"CVE-2018-14461\",\n \"CVE-2018-14462\",\n \"CVE-2018-14463\",\n \"CVE-2018-14464\",\n \"CVE-2018-14465\",\n \"CVE-2018-14466\",\n \"CVE-2018-14467\",\n \"CVE-2018-14468\",\n \"CVE-2018-14469\",\n \"CVE-2018-14881\",\n \"CVE-2018-14882\",\n \"CVE-2018-16229\",\n 
\"CVE-2018-16230\",\n \"CVE-2018-16300\",\n \"CVE-2018-16301\",\n \"CVE-2018-16451\",\n \"CVE-2018-16452\",\n \"CVE-2019-15166\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2019:14191-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2019:14191-1 advisory.\n\n - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().\n (CVE-2017-12893)\n\n - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in\n addrtoname.c:lookup_bytestring(). (CVE-2017-12894)\n\n - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().\n (CVE-2017-12896)\n\n - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().\n (CVE-2017-12897)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().\n (CVE-2017-12898)\n\n - The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().\n (CVE-2017-12899)\n\n - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-\n print.c:tok2strbuf(). 
(CVE-2017-12900)\n\n - The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().\n (CVE-2017-12901)\n\n - The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.\n (CVE-2017-12902)\n\n - The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().\n (CVE-2017-12985)\n\n - The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().\n (CVE-2017-12986, CVE-2017-13725)\n\n - The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().\n (CVE-2017-12987, CVE-2017-13008)\n\n - The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().\n (CVE-2017-12988)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().\n (CVE-2017-12991)\n\n - The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().\n (CVE-2017-12992)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several\n functions. (CVE-2017-12993)\n\n - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-\n domain.c:ns_print(). (CVE-2017-12995)\n\n - The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().\n (CVE-2017-12996)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-\n isoclns.c:isis_print_extd_ip_reach(). 
(CVE-2017-12998)\n\n - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().\n (CVE-2017-12999)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().\n (CVE-2017-13001)\n\n - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().\n (CVE-2017-13002)\n\n - The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)\n\n - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-\n juniper.c:juniper_parse_header(). (CVE-2017-13004)\n\n - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().\n (CVE-2017-13005)\n\n - The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.\n (CVE-2017-13006)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-\n mobility.c:mobility_print(). (CVE-2017-13009)\n\n - The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().\n (CVE-2017-13010)\n\n - The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2017-13012)\n\n - The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.\n (CVE-2017-13013)\n\n - The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(),\n several functions. (CVE-2017-13014)\n\n - The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().\n (CVE-2017-13016, CVE-2017-13047)\n\n - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().\n (CVE-2017-13017)\n\n - The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 
(CVE-2017-13018,\n CVE-2017-13019, CVE-2017-13034)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().\n (CVE-2017-13021)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().\n (CVE-2017-13022)\n\n - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-\n mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)\n\n - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().\n (CVE-2017-13027)\n\n - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().\n (CVE-2017-13028)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().\n (CVE-2017-13029)\n\n - The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.\n (CVE-2017-13030)\n\n - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-\n frag6.c:frag6_print(). (CVE-2017-13031)\n\n - The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().\n (CVE-2017-13032)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().\n (CVE-2017-13035)\n\n - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().\n (CVE-2017-13036)\n\n - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). 
(CVE-2017-13037)\n\n - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().\n (CVE-2017-13038)\n\n - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().\n (CVE-2017-13041)\n\n - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2017-13048, CVE-2017-13051)\n\n - The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().\n (CVE-2017-13049)\n\n - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().\n (CVE-2017-13053)\n\n - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-\n isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)\n\n - The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().\n (CVE-2017-13687)\n\n - The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().\n (CVE-2017-13688)\n\n - The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().\n (CVE-2017-13689)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)\n\n - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)\n\n - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().\n (CVE-2018-14461)\n\n - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().\n (CVE-2018-14462)\n\n - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().\n (CVE-2018-14463)\n\n - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-\n lmp.c:lmp_print_data_link_subobjs(). 
(CVE-2018-14464)\n\n - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().\n (CVE-2018-14465)\n\n - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and\n rx_cache_insert(). (CVE-2018-14466)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_MP). (CVE-2018-14467)\n\n - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().\n (CVE-2018-14468)\n\n - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().\n (CVE-2018-14469)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print()\n (BGP_CAPCODE_RESTART). (CVE-2018-14881)\n\n - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)\n\n - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().\n (CVE-2018-16229)\n\n - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print()\n (MP_REACH_NLRI). (CVE-2018-16230)\n\n - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of\n unlimited recursion. (CVE-2018-16300)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-16301)\n\n - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for\n \\MAILSLOT\\BROWSE and \\PIPE\\LANMAN. 
(CVE-2018-16451)\n\n - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.\n (CVE-2018-16452)\n\n - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.\n (CVE-2019-15166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1057247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153332\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914191-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e03f0e89\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12894\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12985\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2017-12986\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-12999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13009\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2017-13010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13031\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2017-13032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13053\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-10103\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2018-10105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16452\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2019-15166\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16301\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'tcpdump-3.9.8-1.30.13', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'tcpdump-3.9.8-1.30.13', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. 
Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:39:20", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0736", "CVE-2016-2161", "CVE-2016-4736", "CVE-2016-5387", "CVE-2016-8740", "CVE-2016-8743", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-10140", "CVE-2017-11103", "CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-12893", "CVE-2017-12894", "CVE-2017-12895", "CVE-2017-12896", "CVE-2017-12897", "CVE-2017-12898", "CVE-2017-12899", "CVE-2017-12900", "CVE-2017-12901", "CVE-2017-12902", "CVE-2017-12985", "CVE-2017-12986", "CVE-2017-12987", "CVE-2017-12988", "CVE-2017-12989", "CVE-2017-12990", "CVE-2017-12991", "CVE-2017-12992", "CVE-2017-12993", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12996", "CVE-2017-12997", "CVE-2017-12998", "CVE-2017-12999", "CVE-2017-13000", "CVE-2017-13001", "CVE-2017-13002", "CVE-2017-13003", "CVE-2017-13004", "CVE-2017-13005", "CVE-2017-13006", "CVE-2017-13007", "CVE-2017-13008", "CVE-2017-13009", "CVE-2017-13010", "CVE-2017-13011", "CVE-2017-13012", "CVE-2017-13013", "CVE-2017-13014", "CVE-2017-13015", "CVE-2017-13016", "CVE-2017-13017", "CVE-2017-13018", "CVE-2017-13019", "CVE-2017-13020", "CVE-2017-13021", "CVE-2017-13022", "CVE-2017-13023", "CVE-2017-13024", "CVE-2017-13025", "CVE-2017-13026", "CVE-2017-13027", "CVE-2017-13028", "CVE-2017-13029", "CVE-2017-13030", "CVE-2017-13031", "CVE-2017-13032", "CVE-2017-13033", "CVE-2017-13034", "CVE-2017-13035", "CVE-2017-13036", "CVE-2017-13037", "CVE-2017-13038", "CVE-2017-13039", "CVE-2017-13040", "CVE-2017-13041", "CVE-2017-13042", "CVE-2017-13043", "CVE-2017-13044", "CVE-2017-13045", "CVE-2017-13046", "CVE-2017-13047", "CVE-2017-13048", "CVE-2017-13049", "CVE-2017-13050", "CVE-2017-13051", "CVE-2017-13052", "CVE-2017-13053", "CVE-2017-13054", "CVE-2017-13055", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13687", "CVE-2017-13688", 
"CVE-2017-13689", "CVE-2017-13690", "CVE-2017-13725", "CVE-2017-13782", "CVE-2017-13799", "CVE-2017-13801", "CVE-2017-13804", "CVE-2017-13807", "CVE-2017-13808", "CVE-2017-13809", "CVE-2017-13810", "CVE-2017-13811", "CVE-2017-13812", "CVE-2017-13813", "CVE-2017-13814", "CVE-2017-13815", "CVE-2017-13817", "CVE-2017-13818", "CVE-2017-13819", "CVE-2017-13820", "CVE-2017-13821", "CVE-2017-13822", "CVE-2017-13823", "CVE-2017-13824", "CVE-2017-13825", "CVE-2017-13828", "CVE-2017-13829", "CVE-2017-13830", "CVE-2017-13831", "CVE-2017-13833", "CVE-2017-13834", "CVE-2017-13836", "CVE-2017-13838", "CVE-2017-13840", "CVE-2017-13841", "CVE-2017-13842", "CVE-2017-13843", "CVE-2017-13846", "CVE-2017-13906", "CVE-2017-13908", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5130", "CVE-2017-5969", "CVE-2017-7132", "CVE-2017-7150", "CVE-2017-7170", "CVE-2017-7376", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9049", "CVE-2017-9050", "CVE-2017-9788", "CVE-2017-9789"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2017-004.NASL", "href": "https://www.tenable.com/plugins/nessus/104379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104379);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-4736\",\n \"CVE-2016-5387\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-10140\",\n \"CVE-2017-11103\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n 
\"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13782\",\n \"CVE-2017-13799\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13807\",\n \"CVE-2017-13808\",\n \"CVE-2017-13809\",\n \"CVE-2017-13810\",\n \"CVE-2017-13811\",\n \"CVE-2017-13812\",\n \"CVE-2017-13813\",\n \"CVE-2017-13814\",\n \"CVE-2017-13815\",\n \"CVE-2017-13817\",\n 
\"CVE-2017-13818\",\n \"CVE-2017-13819\",\n \"CVE-2017-13820\",\n \"CVE-2017-13821\",\n \"CVE-2017-13822\",\n \"CVE-2017-13823\",\n \"CVE-2017-13824\",\n \"CVE-2017-13825\",\n \"CVE-2017-13828\",\n \"CVE-2017-13829\",\n \"CVE-2017-13830\",\n \"CVE-2017-13831\",\n \"CVE-2017-13833\",\n \"CVE-2017-13834\",\n \"CVE-2017-13836\",\n \"CVE-2017-13838\",\n \"CVE-2017-13840\",\n \"CVE-2017-13841\",\n \"CVE-2017-13842\",\n \"CVE-2017-13843\",\n \"CVE-2017-13846\",\n \"CVE-2017-13906\",\n \"CVE-2017-13908\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-5130\",\n \"CVE-2017-5969\",\n \"CVE-2017-7132\",\n \"CVE-2017-7150\",\n \"CVE-2017-7170\",\n \"CVE-2017-7376\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\",\n \"CVE-2017-9788\",\n \"CVE-2017-9789\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101177,\n 101274,\n 101482,\n 102100,\n 91816,\n 93055,\n 94650,\n 95076,\n 95077,\n 95078,\n 96188,\n 98568,\n 98601,\n 98877,\n 99132,\n 99134,\n 99135,\n 99137,\n 99170,\n 99551,\n 99568,\n 99569,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)\");\n script_summary(english:\"Checks for the presence of Security Update 2017-004.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. 
It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-004 or later for 10.11.x or\nSecurity Update 2017-001 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7376\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2017-004\";\nelse\n patch = \"2017-001\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not 
affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-18T15:36:10", "description": "This update for tcpdump fixes the following issues: Security issues fixed :\n\n - CVE-2017-11108: Crafted input allowed remote DoS (bsc#1047873)\n\n - CVE-2017-11541: Prevent a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c (bsc#1057247).\n\n - CVE-2017-11542: Prevent a heap-based buffer over-read in the pimv1_print function in print-pim.c (bsc#1057247).\n\n - CVE-2017-11543: Prevent a buffer overflow in the sliplink_print function in print-sl.c (bsc#1057247).\n\n - CVE-2017-13011: Several protocol parsers in tcpdump could have caused a buffer overflow in util-print.c:bittok2str_internal() (bsc#1057247).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-11T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : tcpdump (SUSE-SU-2017:2690-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543", "CVE-2017-13011"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:tcpdump", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2690-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103769", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2690-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103769);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n 
script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-13011\");\n\n script_name(english:\"SUSE SLES11 Security Update : tcpdump (SUSE-SU-2017:2690-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for tcpdump fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-11108: Crafted input allowed remote DoS\n (bsc#1047873)\n\n - CVE-2017-11541: Prevent a heap-based buffer over-read in\n the lldp_print function in print-lldp.c, related to\n util-print.c (bsc#1057247).\n\n - CVE-2017-11542: Prevent a heap-based buffer over-read in\n the pimv1_print function in print-pim.c (bsc#1057247).\n\n - CVE-2017-11543: Prevent a buffer overflow in the\n sliplink_print function in print-sl.c (bsc#1057247).\n\n - CVE-2017-13011: Several protocol parsers in tcpdump\n could have caused a buffer overflow in\n util-print.c:bittok2str_internal() (bsc#1057247).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11541/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11542/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13011/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172690-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42bdbfc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-tcpdump-13305=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-tcpdump-13305=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tcpdump-3.9.8-1.30.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:35:35", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 4.9.0-1~deb7u2.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-07T00:00:00", "type": "nessus", "title": "Debian DLA-1090-1 : tcpdump security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:tcpdump", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1090.NASL", "href": "https://www.tenable.com/plugins/nessus/102982", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1090-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102982);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\");\n\n script_name(english:\"Debian DLA-1090-1 : tcpdump security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in tcpdump, a\ncommand-line network traffic analyzer. These vulnerabilities might\nresult in denial of service (application crash).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n4.9.0-1~deb7u2.\n\nWe recommend that you upgrade your tcpdump packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00006.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tcpdump\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected tcpdump package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"tcpdump\", reference:\"4.9.0-1~deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-17T23:50:15", "description": "According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.(CVE-2017-11108)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.(CVE-2017-11542)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.(CVE-2017-11541)\n\n - tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.(CVE-2017-11543)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2019-2435)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2435.NASL", "href": "https://www.tenable.com/plugins/nessus/131589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131589);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2019-2435)\");\n script_summary(english:\"Checks 
the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via crafted packet data. The crash occurs in the\n EXTRACT_16BITS function, called from the stp_print\n function for the Spanning Tree\n Protocol.(CVE-2017-11108)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n pimv1_print function in print-pim.c.(CVE-2017-11542)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n lldp_print function in print-lldp.c, related to\n util-print.c.(CVE-2017-11541)\n\n - tcpdump 4.9.0 has a buffer overflow in the\n sliplink_print function in print-sl.c.(CVE-2017-11543)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2435\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d089fb06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.0-5.h176\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-20T15:50:09", "description": "According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected 
by the following vulnerabilities :\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.(CVE-2017-11108)\n\n - tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.(CVE-2017-11543)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.(CVE-2017-11541)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.(CVE-2017-11542)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2674)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-11108", "CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tcpdump", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2674.NASL", "href": "https://www.tenable.com/plugins/nessus/132209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132209);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2674)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tcpdump package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - tcpdump 4.9.0 allows remote attackers to cause a denial\n of service (heap-based buffer over-read and application\n crash) via crafted packet data. The crash occurs in the\n EXTRACT_16BITS function, called from the stp_print\n function for the Spanning Tree\n Protocol.(CVE-2017-11108)\n\n - tcpdump 4.9.0 has a buffer overflow in the\n sliplink_print function in print-sl.c.(CVE-2017-11543)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n lldp_print function in print-lldp.c, related to\n util-print.c.(CVE-2017-11541)\n\n - tcpdump 4.9.0 has a heap-based buffer over-read in the\n pimv1_print function in print-pim.c.(CVE-2017-11542)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2674\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2765935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tcpdump packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tcpdump-4.9.0-5.h177\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-19T14:43:45", "description": "An update of [tcpdump] packages for PhotonOS has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": 
{"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Tcpdump PHSA-2017-0033 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0033.NASL", "href": "https://www.tenable.com/plugins/nessus/111882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0033. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111882);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\");\n\n script_name(english:\"Photon OS 1.0: Tcpdump PHSA-2017-0033 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [tcpdump] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-67\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a58dc0ed\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11541\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"tcpdump-4.9.1-2.ph1\",\n \"tcpdump-debuginfo-4.9.1-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T14:45:57", "description": "An update of the tcpdump package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 
5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Tcpdump PHSA-2017-0033", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11541", "CVE-2017-11542", "CVE-2017-11543"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:tcpdump", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0033_TCPDUMP.NASL", "href": "https://www.tenable.com/plugins/nessus/121730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0033. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121730);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\");\n\n script_name(english:\"Photon OS 1.0: Tcpdump PHSA-2017-0033\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the tcpdump package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-67.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:tcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-4.9.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"tcpdump-debuginfo-4.9.1-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tcpdump\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:35:45", "description": "The remote host is 
missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13028", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171280", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and 
are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1280\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12897\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", 
\"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:03:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1280)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1280\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1280\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2017-1280 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13048)\n\nThe ARP parser in 
tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.(CVE-2017-13013)\n\nThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13033)\n\nThe OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().(CVE-2017-13036)\n\nThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13047)\n\nThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13025)\n\nThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13019)\n\nThe IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().(CVE-2017-12985)\n\nThe IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-13725)\n\nThe telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().(CVE-2017-12988)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12991)\n\nThe MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.(CVE-2017-13040)\n\nThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().(CVE-2017-13029)\n\nThe IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().(CVE-2017-13000)\n\nThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().(CVE-2017-13022)\n\nThe ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13039)\n\nThe IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().(CVE-2017-13031)\n\nThe PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several 
functions.(CVE-2017-13030)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12994)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().(CVE-2017-13043)\n\nThe VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().(CVE-2017-13045)\n\nThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().(CVE-2017-13054, CVE-2017-12998, CVE-2017-13014, CVE-2017-13037, CVE-2017-13690 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1281)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", 
"CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13028", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171281", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1281\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12897\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", 
\"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:04:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1281)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1281\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1281\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2017-1281 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13048)\n\nThe ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.(CVE-2017-13013)\n\nThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13033)\n\nThe OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().(CVE-2017-13036)\n\nThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13047)\n\nThe IPv6 
mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13025)\n\nThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13019)\n\nThe IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().(CVE-2017-12985)\n\nThe IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-13725)\n\nThe telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().(CVE-2017-12988)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12991)\n\nThe MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.(CVE-2017-13040)\n\nThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().(CVE-2017-13029)\n\nThe IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().(CVE-2017-13000)\n\nThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().(CVE-2017-13022)\n\nThe ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13039)\n\nThe IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().(CVE-2017-13031)\n\nThe PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.(CVE-2017-13030)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12994)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().(CVE-2017-13043)\n\nThe VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().(CVE-2017-13045)\n\nThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in 
print-lldp.c:lldp_private_8023_print().(CVE-2017-13054, CVE-2017-12998, CVE-2017-13014, CVE-2017-13037, CVE-2017-13690 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h175\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:14", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service or, potentially, execution of arbitrary code.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for tcpdump (DLA-1097-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-12896", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13028", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-12899", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891097", "sourceData": 
"# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891097\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", 
\"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_name(\"Debian LTS: Security Advisory for tcpdump (DLA-1097-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00014.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"tcpdump on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n4.9.2-1~deb7u1.\n\nWe recommend that you upgrade your tcpdump 
packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial\nof service or, potentially, execution of arbitrary code.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:40", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-11-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Multiple Vulnerabilities - 01 HT208221", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-12896", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-11108", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", 
"CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-11542", "CVE-2017-13028", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-12899", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310811961", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811961", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln01_HT208221.nasl 14295 2019-03-18 20:16:46Z cfischer $\n#\n# Apple MacOSX Multiple Vulnerabilities - 01 HT208221\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811961\");\n script_version(\"$Revision: 14295 $\");\n script_cve_id(\"CVE-2017-13799\", \"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\",\n \t\t\"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\",\n\t\t\"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\",\n\t\t\"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\",\n\t\t\"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\",\n\t\t\"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\",\n\t\t\"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\",\n\t\t\"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\",\n\t\t\"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\",\n\t\t\"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\",\n\t\t\"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\",\n\t\t\"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\",\n\t\t\"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\",\n\t\t\"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\",\n\t\t\"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\",\n\t\t\"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\",\n\t\t\"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\",\n\t\t\"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", 
\"CVE-2017-13041\",\n\t\t\"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\",\n\t\t\"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\",\n\t\t\"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\",\n\t\t\"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\",\n\t\t\"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_bugtraq_id(99938, 99941, 99940, 99939, 100913, 100914);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 21:16:46 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 12:40:42 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple MacOSX Multiple Vulnerabilities - 01 HT208221\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple issues in tcpdump.\n\n - A memory corruption issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code with system privileges and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13, 10.12.x\n through 10.12.6\");\n\n script_tag(name:\"solution\", value:\"For Apple Mac OS X version 10.13 update to\n version 10.13.1 and for versions 10.12.x through 10.12.6 apply the appropriate\n security patch from the reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208221\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[23]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[23]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\n# if 10.12.x before 10.12.6 is running, update to 10.12.6 first and then apply patch\nif(osVer =~ \"^10\\.12\")\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.12.6\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n # applying patch on 10.12.6 will upgrade build version to 16G1036\n # http://www.xlr8yourmac.com/index.html#MacNvidiaDriverUpdates\n if(buildVer)\n {\n if(version_is_less(version:buildVer, test_version:\"16G1036\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(osVer == \"10.13\"){\n fix = \"10.13.1\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for tcpdump USN-3415-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-12896", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", 
"CVE-2017-13006", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-11108", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-11542", "CVE-2017-13028", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-12899", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843302", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843302", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3415_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for tcpdump USN-3415-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843302\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 07:16:21 +0200 (Thu, 14 Sep 2017)\");\n script_cve_id(\"CVE-2017-11543\", \"CVE-2017-13011\", \"CVE-2017-12989\",\n \"CVE-2017-12990\", \"CVE-2017-12995\", \"CVE-2017-12997\", \"CVE-2017-11108\",\n \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-12893\", \"CVE-2017-12894\",\n \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\",\n \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\",\n \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\",\n \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\",\n \"CVE-2017-12996\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\",\n \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\",\n \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\",\n \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13012\", \"CVE-2017-13013\",\n \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\",\n \"CVE-2017-13018\", 
\"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\",\n \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\",\n \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\",\n \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\",\n \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\",\n \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\",\n \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\",\n \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\",\n \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\",\n \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\",\n \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for tcpdump USN-3415-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tcpdump'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Wilfried Kirsch discovered a buffer overflow\n in the SLIP decoder in tcpdump. A remote attacker could use this to cause a\n denial of service (application crash) or possibly execute arbitrary code.\n (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield\n converter utility function bittok2str_internal() in tcpdump. A remote attacker\n could use this to cause a denial of service (application crash) or possibly\n execute arbitrary code. 
(CVE-2017-13011) Otto Airamo and Antti Levomäki\n discovered logic errors in different protocol parsers in tcpdump that could lead\n to an infinite loop. A remote attacker could use these to cause a denial of\n service (application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,\n CVE-2017-12997) Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil\n Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and\n Bhargava Shastry discovered out-of-bounds reads in multiple protocol parsers in\n tcpdump. A remote attacker could use these to cause a denial of service\n (application crash). (CVE-2017-11108, CVE-2017-11541, CVE-2017-11542,\n CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897,\n CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902,\n CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,\n CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998,\n CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003,\n CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008,\n CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,\n CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019,\n CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024,\n CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029,\n CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,\n CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039,\n CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044,\n CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049,\n CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,\n CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690,\n CVE-2017-13725)\");\n 
script_tag(name:\"affected\", value:\"tcpdump on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3415-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3415-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-0ubuntu0.17.04.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:57", "description": "Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service or, potentially, execution of arbitrary code.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3971-1 (tcpdump - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-12896", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-11108", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-11542", "CVE-2017-13028", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-12899", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703971", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703971", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3971.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3971-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703971\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-11108\", \"CVE-2017-11541\", \"CVE-2017-11542\", \"CVE-2017-11543\", \"CVE-2017-12893\", \"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12896\", \"CVE-2017-12897\", \"CVE-2017-12898\", \"CVE-2017-12899\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", 
\"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13687\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_name(\"Debian Security Advisory DSA 3971-1 (tcpdump - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 00:00:00 +0200 (Wed, 13 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3971.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"tcpdump on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 4.9.2-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.2-1~deb9u1.\n\nFor the testing distribution (buster), these problems have been fixed\nin version 4.9.2-1 or earlier versions.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.9.2-1 or earlier versions.\n\nWe recommend that you upgrade your tcpdump packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. 
These vulnerabilities might result in denial\nof service or, potentially, execution of arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"tcpdump\", ver:\"4.9.2-1~deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", &q