CVE-2016-7927

CRITICAL
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().

References

http://www.debian.org/security/2017/dsa-3775

http://www.securityfocus.com/bid/95852

http://www.securitytracker.com/id/1037755

https://access.redhat.com/errata/RHSA-2017:1871

https://security.gentoo.org/glsa/201702-30

https://www.mail-archive.com/[email protected]/msg1494526.html

Details

Source: MITRE

Published: 2017-01-28

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:* versions up to 4.8.1 (inclusive)

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
121670Photon OS 1.0: Tcpdump PHSA-2017-0004NessusPhotonOS Local Security Checks
critical
111853Photon OS 1.0: Tcpdump PHSA-2017-0004 (deprecated)NessusPhotonOS Local Security Checks
critical
104308F5 Networks BIG-IP : tcpdump vulnerabilities (K77384526)NessusF5 Networks Local Security Checks
critical
103018EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2017-1180)NessusHuawei Local Security Checks
critical
103017EulerOS 2.0 SP1 : tcpdump (EulerOS-SA-2017-1179)NessusHuawei Local Security Checks
critical
102742CentOS 7 : tcpdump (CESA-2017:1871)NessusCentOS Local Security Checks
critical
102657Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20170801)NessusScientific Linux Local Security Checks
critical
102287Oracle Linux 7 : tcpdump (ELSA-2017-1871)NessusOracle Linux Local Security Checks
critical
102148RHEL 7 : tcpdump (RHSA-2017:1871)NessusRed Hat Local Security Checks
critical
100040openSUSE Security Update : tcpdump / libpcap (openSUSE-2017-557)NessusSuSE Local Security Checks
critical
99705SUSE SLED12 / SLES12 Security Update : tcpdump, libpcap (SUSE-SU-2017:1110-1)NessusSuSE Local Security Checks
critical
99134macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)NessusMacOS X Local Security Checks
critical
97695SUSE SLES11 Security Update : tcpdump (SUSE-SU-2017:0656-1)NessusSuSE Local Security Checks
critical
97318Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tcpdump vulnerabilities (USN-3205-1)NessusUbuntu Local Security Checks
critical
97273GLSA-201702-30 : tcpdump: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
97172Fedora 25 : 14:tcpdump (2017-7ecbc90157)NessusFedora Local Security Checks
critical
97104Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2017-041-04)NessusSlackware Local Security Checks
critical
96884Debian DLA-809-1 : tcpdump security updateNessusDebian Local Security Checks
critical
96844Debian DSA-3775-1 : tcpdump - security updateNessusDebian Local Security Checks
critical