Lucene search

Veracode Vulnerability DatabaseVERACODE:26107

HistoryAug 06, 2020 - 9:30 p.m.

Arbitrary Code Execution

2020-08-0621:30:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

tcpdump is vulnerable to arbitrary code execution. The vulnerability exists as the command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

CPENameOperatorVersion
tcpdumpeq4.9.2-r4
tcpdumpeq4.9.2__5.el8
tcpdumpeq4.9.2-r4
tcpdumpeq4.9.2__5.el8

Name	Operator	Version
tcpdump	eq	4.9.2-r4
tcpdump	eq	4.9.2__5.el8
tcpdump	eq	4.9.2-r4
tcpdump	eq	4.9.2__5.el8

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html

seclists.org/fulldisclosure/2019/Dec/26

github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6

lists.debian.org/debian-lts-announce/2019/10/msg00015.html

lists.fedoraproject.org/archives/list/[email protected]/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

lists.fedoraproject.org/archives/list/[email protected]/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

lists.fedoraproject.org/archives/list/[email protected]/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

seclists.org/bugtraq/2019/Dec/23

seclists.org/bugtraq/2019/Oct/28

security.netapp.com/advisory/ntap-20200120-0001/

support.apple.com/kb/HT210788

support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS

www.debian.org/security/2019/dsa-4547

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:26107