CVE-2014-8769

MEDIUM

Description

tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.

References

http://advisories.mageia.org/MGASA-2014-0503.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html

http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html

http://seclists.org/fulldisclosure/2014/Nov/49

http://www.debian.org/security/2014/dsa-3086

http://www.mandriva.com/security/advisories?name=MDVSA-2014:240

http://www.mandriva.com/security/advisories?name=MDVSA-2015:125

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/archive/1/534009/100/0/threaded

http://www.securityfocus.com/bid/71153

http://www.ubuntu.com/usn/USN-2433-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/98764

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2014-11-20

Updated: 2018-10-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:redhat:tcpdump:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:3.9.8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.4.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.5.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:tcpdump:4.6.2:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

ID	Name	Product	Family	Severity
100040	openSUSE Security Update : tcpdump / libpcap (openSUSE-2017-557)	Nessus	SuSE Local Security Checks	high
99705	SUSE SLED12 / SLES12 Security Update : tcpdump, libpcap (SUSE-SU-2017:1110-1)	Nessus	SuSE Local Security Checks	high
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
82378	Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:125)	Nessus	Mandriva Local Security Checks	high
82086	Debian DLA-102-1 : tcpdump security update	Nessus	Debian Local Security Checks	medium
81923	AIX 6.1 TL 9 : tcpdump (IV68992)	Nessus	AIX Local Security Checks	medium
81922	AIX 7.1 TL 2 : tcpdump (IV68951)	Nessus	AIX Local Security Checks	medium
81921	AIX 6.1 TL 8 : tcpdump (IV68950)	Nessus	AIX Local Security Checks	medium
81920	AIX 7.1 TL 3 : tcpdump (IV67588)	Nessus	AIX Local Security Checks	medium
81371	openSUSE Security Update : tcpdump (openSUSE-2015-146)	Nessus	SuSE Local Security Checks	medium
81228	GLSA-201502-05 : tcpdump: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
80253	SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10093)	Nessus	SuSE Local Security Checks	medium
79985	Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)	Nessus	Mandriva Local Security Checks	medium
79778	Fedora 21 : tcpdump-4.6.2-2.fc21 (2014-15609)	Nessus	Fedora Local Security Checks	medium
79741	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2433-1)	Nessus	Ubuntu Local Security Checks	medium
79700	Fedora 19 : tcpdump-4.4.0-4.fc19 (2014-15549)	Nessus	Fedora Local Security Checks	medium
79697	Debian DSA-3086-1 : tcpdump - security update	Nessus	Debian Local Security Checks	medium
79608	Fedora 20 : tcpdump-4.5.1-2.fc20 (2014-15541)	Nessus	Fedora Local Security Checks	medium