CVE-2015-2155

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

References

http://advisories.mageia.org/MGASA-2015-0114.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html

http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html

http://www.debian.org/security/2015/dsa-3193

http://www.mandriva.com/security/advisories?name=MDVSA-2015:125

http://www.mandriva.com/security/advisories?name=MDVSA-2015:182

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/archive/1/534829/100/0/threaded

http://www.securityfocus.com/bid/73021

http://www.securitytracker.com/id/1031937

http://www.ubuntu.com/usn/USN-2580-1

https://access.redhat.com/errata/RHSA-2017:1871

https://bugzilla.redhat.com/show_bug.cgi?id=1201798

https://security.gentoo.org/glsa/201510-04

Details

Source: MITRE

Published: 2015-03-24

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:* versions up to 4.7.0 (inclusive)

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
103018EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2017-1180)NessusHuawei Local Security Checks
critical
103017EulerOS 2.0 SP1 : tcpdump (EulerOS-SA-2017-1179)NessusHuawei Local Security Checks
critical
102742CentOS 7 : tcpdump (CESA-2017:1871)NessusCentOS Local Security Checks
critical
102657Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20170801)NessusScientific Linux Local Security Checks
critical
102287Oracle Linux 7 : tcpdump (ELSA-2017-1871)NessusOracle Linux Local Security Checks
critical
102148RHEL 7 : tcpdump (RHSA-2017:1871)NessusRed Hat Local Security Checks
critical
100040openSUSE Security Update : tcpdump / libpcap (openSUSE-2017-557)NessusSuSE Local Security Checks
critical
99705SUSE SLED12 / SLES12 Security Update : tcpdump, libpcap (SUSE-SU-2017:1110-1)NessusSuSE Local Security Checks
critical
86689GLSA-201510-04 : tcpdump: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
83112Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : tcpdump vulnerabilities (USN-2580-1)NessusUbuntu Local Security Checks
high
82457Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:182)NessusMandriva Local Security Checks
high
82445Fedora 21 : tcpdump-4.7.3-1.fc21 (2015-4939)NessusFedora Local Security Checks
high
82425openSUSE Security Update : tcpdump (openSUSE-2015-267)NessusSuSE Local Security Checks
high
82378Mandriva Linux Security Advisory : tcpdump (MDVSA-2015:125)NessusMandriva Local Security Checks
high
82159Debian DLA-174-1 : tcpdump security updateNessusDebian Local Security Checks
high
81899Debian DSA-3193-1 : tcpdump - security updateNessusDebian Local Security Checks
high