CVE-2014-8769

MEDIUM

Description

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.

References

http://advisories.mageia.org/MGASA-2014-0503.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html

http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html

http://seclists.org/fulldisclosure/2014/Nov/49

http://www.debian.org/security/2014/dsa-3086

http://www.mandriva.com/security/advisories?name=MDVSA-2014:240

http://www.mandriva.com/security/advisories?name=MDVSA-2015:125

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/archive/1/534009/100/0/threaded

http://www.securityfocus.com/bid/71153

http://www.ubuntu.com/usn/USN-2433-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/98764

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2014-11-20

Updated: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:redhat:tcpdump:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
100040openSUSE Security Update : tcpdump / libpcap (openSUSE-2017-557)NessusSuSE Local Security Checks
high
99705SUSE SLED12 / SLES12 Security Update : tcpdump, libpcap (SUSE-SU-2017:1110-1)NessusSuSE Local Security Checks
high
8981Mac OS X < 10.10.5 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
high
85408Mac OS X 10.10.x < 10.10.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
82378Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:125)NessusMandriva Local Security Checks
high
82086Debian DLA-102-1 : tcpdump security updateNessusDebian Local Security Checks
medium
81923AIX 6.1 TL 9 : tcpdump (IV68992)NessusAIX Local Security Checks
medium
81922AIX 7.1 TL 2 : tcpdump (IV68951)NessusAIX Local Security Checks
medium
81921AIX 6.1 TL 8 : tcpdump (IV68950)NessusAIX Local Security Checks
medium
81920AIX 7.1 TL 3 : tcpdump (IV67588)NessusAIX Local Security Checks
medium
81371openSUSE Security Update : tcpdump (openSUSE-2015-146)NessusSuSE Local Security Checks
medium
81228GLSA-201502-05 : tcpdump: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
80253SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10093)NessusSuSE Local Security Checks
medium
79985Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)NessusMandriva Local Security Checks
medium
79778Fedora 21 : tcpdump-4.6.2-2.fc21 (2014-15609)NessusFedora Local Security Checks
medium
79741Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2433-1)NessusUbuntu Local Security Checks
medium
79700Fedora 19 : tcpdump-4.4.0-4.fc19 (2014-15549)NessusFedora Local Security Checks
medium
79697Debian DSA-3086-1 : tcpdump - security updateNessusDebian Local Security Checks
medium
79608Fedora 20 : tcpdump-4.5.1-2.fc20 (2014-15541)NessusFedora Local Security Checks
medium