http://advisories.mageia.org/MGASA-2014-0511.html

APPLE-SA-2015-08-13-2

openSUSE-SU-2015:0616

http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html

[tcpdump] 20141124 Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?

DSA-3086

DSA-3193

MDVSA-2014:240

MDVSA-2015:125

20150309 tcpdump 4.7.2 remote crashes

71468

USN-2433-1

https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda

https://support.apple.com/kb/HT205031

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network.

The following vulnerabilities in protocol printers have been fixed :

  - IPv6 mobility printer remote DoS. (CVE-2015-0261,     bnc#922220)

  - Ethernet printer remote DoS. (CVE-2015-2154, bnc#922222)

  - PPP printer remote DoS (CVE-2014-9140, bnc#923142)

tcpdump was updated to fix five vulnerabilities in protocol printers

When running tcpdump, a remote unauthenticated user could have crashed the application or, potentially, execute arbitrary code by injecting crafted packages into the network.

The following vulnerabilities were fixed :

  - IPv6 mobility printer remote DoS (CVE-2015-0261,     bnc#922220)

  - PPP printer remote DoS (CVE-2014-9140, bnc#923142)

  - force printer remote DoS (CVE-2015-2155, bnc#922223)

  - ethernet printer remote DoS (CVE-2015-2154, bnc#922222)

  - tcp printer remote DoS (CVE-2015-2153, bnc#922221)

Updated tcpdump package fixes security vulnerabilities :

The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769).

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9140).

Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201502-05 (tcpdump: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in tcpdump:
      The olsr_print function function contains an integer underflow error         (CVE-2014-8767)       The geonet_print function function contains multiple integer         underflow errors (CVE-2014-8768)       The decoder for the Ad hoc On-Demand Distance Vector protocol         contains an out-of-bounds memory access error (CVE-2014-8769)       The ppp_hdlc function contains a buffer overflow error         (CVE-2014-9140)   Impact :

    A remote attacker may be able to send a specially crafted packet,       possibly resulting in execution of arbitrary code or a Denial of Service       condition.
  Workaround :

    There is no known workaround at this time.

Fix for CVE-2014-9140

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated tcpdump package fixes security vulnerabilities :

The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769).

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9140).

Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-8767)

Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768)

Steffen Bauch discovered that tcpdump incorrectly handled printing AODV packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, reveal sensitive information, or possibly execute arbitrary code. (CVE-2014-8769)

It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9140)

In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.

ID	Name	Product	Family	Severity
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
82658	SuSE 11.3 Security Update : tcpdump (SAT Patch Number 10509)	Nessus	SuSE Local Security Checks	high
82425	openSUSE Security Update : tcpdump (openSUSE-2015-267)	Nessus	SuSE Local Security Checks	high
82378	Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:125)	Nessus	Mandriva Local Security Checks	high
82086	Debian DLA-102-1 : tcpdump security update	Nessus	Debian Local Security Checks	medium
81228	GLSA-201502-05 : tcpdump: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
80403	Fedora 21 : tcpdump-4.6.2-3.fc21 (2014-16823)	Nessus	Fedora Local Security Checks	medium
80092	Fedora 20 : tcpdump-4.5.1-3.fc20 (2014-16861)	Nessus	Fedora Local Security Checks	medium
79985	Mandriva Linux Security Advisory : tcpdump (MDVSA-2014:240)	Nessus	Mandriva Local Security Checks	medium
79741	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2433-1)	Nessus	Ubuntu Local Security Checks	medium
79697	Debian DSA-3086-1 : tcpdump - security update	Nessus	Debian Local Security Checks	medium

CVE-2014-9140

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins