DSA-3971

99940

1039307

RHEA-2018:0705

https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim

GLSA-201709-23

https://support.apple.com/HT208221

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - tcpdump 4.9.0 allows remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) via crafted packet data. The crash occurs in the     EXTRACT_16BITS function, called from the stp_print     function for the Spanning Tree     Protocol.(CVE-2017-11108)

  - tcpdump 4.9.0 has a buffer overflow in the     sliplink_print function in print-sl.c.(CVE-2017-11543)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     lldp_print function in print-lldp.c, related to     util-print.c.(CVE-2017-11541)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     pimv1_print function in print-pim.c.(CVE-2017-11542)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - tcpdump 4.9.0 allows remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) via crafted packet data. The crash occurs in the     EXTRACT_16BITS function, called from the stp_print     function for the Spanning Tree     Protocol.(CVE-2017-11108)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     pimv1_print function in print-pim.c.(CVE-2017-11542)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     lldp_print function in print-lldp.c, related to     util-print.c.(CVE-2017-11541)

  - tcpdump 4.9.0 has a buffer overflow in the     sliplink_print function in print-sl.c.(CVE-2017-11543)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected by multiple vulnerabilities:

  - Several protocol parsers in tcpdump before 4.9.2 could     cause a buffer over-read in util-print.c:tok2strbuf().
    (CVE-2017-12900)

  - tcpdump 4.9.0 allows remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) via crafted packet data. The crash occurs in the     EXTRACT_16BITS function, called from the stp_print     function for the Spanning Tree Protocol.
    (CVE-2017-11108)

  - A vulnerability was discovered in tcpdump's handling of     LINKTYPE_SLIP pcap files. An attacker could craft a     malicious pcap file that would cause tcpdump to crash     when attempting to print a summary of packet data within     the file. (CVE-2017-11543, CVE-2017-11544)

  - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer     over-read in print-isoclns.c:isoclns_print().
    (CVE-2017-12897)

  - The ISAKMP parser in tcpdump before 4.9.2 has a buffer     over-read in print-isakmp.c:isakmp_rfc3948_print().
    (CVE-2017-12896)

  - The IPv6 fragmentation header parser in tcpdump before     4.9.2 has a buffer over-read in print-     frag6.c:frag6_print(). (CVE-2017-13031)

  - The RADIUS parser in tcpdump before 4.9.2 has a buffer     over-read in print-radius.c:print_attr_string().
    (CVE-2017-13032)

  - The IPv6 mobility parser in tcpdump before 4.9.2 has a     buffer over-read in print-     mobility.c:mobility_opt_print(). (CVE-2017-13023,     CVE-2017-13024, CVE-2017-13025)

  - The ISO ES-IS parser in tcpdump before 4.9.2 has a     buffer over-read in print-isoclns.c:esis_print().
    (CVE-2017-13016, CVE-2017-13047)

  - The LLDP parser in tcpdump before 4.9.2 has a buffer     over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
    (CVE-2017-13027)

  - The White Board protocol parser in tcpdump before 4.9.2     has a buffer over-read in print-wb.c:wb_prep(), several     functions. (CVE-2017-13014)

  - The IS-IS parser in tcpdump before 4.9.2 has a buffer     over-read in print-isoclns.c:isis_print_extd_ip_reach().
    (CVE-2017-12998)

  - The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a     buffer over-read in     print-802_15_4.c:ieee802_15_4_if_print().
    (CVE-2017-13000)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a     buffer over-read in print-isoclns.c:isis_print_id().
    (CVE-2017-13035)

  - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer     over-read in print-ospf6.c:ospf6_decode_v3().
    (CVE-2017-13036)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a     buffer over-read in print-isoclns.c, several functions.
    (CVE-2017-13026)

  - The Juniper protocols parser in tcpdump before 4.9.2 has     a buffer over-read in print-     juniper.c:juniper_parse_header(). (CVE-2017-13004)

  - The PPP parser in tcpdump before 4.9.2 has a buffer     over-read in print-ppp.c:print_ccp_config_options().
    (CVE-2017-13029)

  - The IPv6 mobility parser in tcpdump before 4.9.2 has a     buffer over-read in print-mobility.c:mobility_print().
    (CVE-2017-13009)

  - The Apple PKTAP parser in tcpdump before 4.9.2 has a     buffer over-read in print-pktap.c:pktap_if_print().
    (CVE-2017-13007)

  - The IEEE 802.11 parser in tcpdump before 4.9.2 has a     buffer over-read in print-802_11.c:parse_elements().
    (CVE-2017-13008, CVE-2017-12987)

  - The Juniper protocols parser in tcpdump before 4.9.2 has     a buffer over-read in print-juniper.c, several     functions. (CVE-2017-12993)

  - The ISAKMP parser in tcpdump before 4.9.2 has a buffer     over-read in print-isakmp.c, several functions.
    (CVE-2017-13039)

  - The MPTCP parser in tcpdump before 4.9.2 has a buffer     over-read in print-mptcp.c, several functions.
    (CVE-2017-13040)

  - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer     over-read in print-icmp6.c:icmp6_nodeinfo_print().
    (CVE-2017-13041)

  - The BGP parser in tcpdump before 4.9.2 has a buffer     over-read in print-bgp.c:decode_multicast_vpn().
    (CVE-2017-13043)

  - The BGP parser in tcpdump before 4.9.2 has a buffer     over-read in print-bgp.c:decode_rt_routing_info().
    (CVE-2017-13053)

  - The LLDP parser in tcpdump before 4.9.2 has a buffer     over-read in print-lldp.c:lldp_private_8023_print().
    (CVE-2017-13054)

  - The RPKI-Router parser in tcpdump before 4.9.2 has a     buffer over-read in print-rpki-     rtr.c:rpki_rtr_pdu_print(). (CVE-2017-13050)

  - The IKEv2 parser in tcpdump before 4.9.2 has a buffer     over-read in print-isakmp.c, several functions.
    (CVE-2017-13690)

  - The IPv6 routing header parser in tcpdump before 4.9.2     has a buffer over-read in print-rt6.c:rt6_print().
    (CVE-2017-13725, CVE-2017-12986)

  - The ISO IS-IS parser in tcpdump before 4.9.2 has a     buffer over-read in print-     isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

  - The Cisco HDLC parser in tcpdump before 4.9.2 has a     buffer over-read in print-chdlc.c:chdlc_print().
    (CVE-2017-13687)

  - The RESP parser in tcpdump before 4.9.2 could enter an     infinite loop due to a bug in print-     resp.c:resp_get_length(). (CVE-2017-12989)

  - The Zephyr parser in tcpdump before 4.9.2 has a buffer     over-read in print-zephyr.c, several functions.
    (CVE-2017-12902)

  - The DNS parser in tcpdump before 4.9.2 could enter an     infinite loop due to a bug in print-domain.c:ns_print().
    (CVE-2017-12995)

  - Several protocol parsers in tcpdump before 4.9.2 could     cause a buffer over-read in     addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

  - The LLDP parser in tcpdump before 4.9.2 could enter an     infinite loop due to a bug in print-     lldp.c:lldp_private_8021_print(). (CVE-2017-12997)

  - The ISAKMP parser in tcpdump before 4.9.2 could enter an     infinite loop due to bugs in print-isakmp.c, several     functions. (CVE-2017-12990)

  - A vulnerability was found in tcpdump's verbose printing     of packet data. A crafted pcap file or specially crafted     network traffic could cause tcpdump to write out of     bounds in the BSS segment, potentially causing tcpdump     to display truncated or incorrectly decoded fields or     crash with a segmentation violation. This does not     affect tcpdump when used with the -w option to save a     pcap file. (CVE-2017-13011)

  - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer     over-read in smbutil.c:name_len(). (CVE-2017-12893)

  - The ICMP parser in tcpdump before 4.9.2 has a buffer     over-read in print-icmp.c:icmp_print(). (CVE-2017-12895,     CVE-2017-13012)

  - The NFS parser in tcpdump before 4.9.2 has a buffer     over-read in print-nfs.c:interp_reply().
    (CVE-2017-12898)

  - The DECnet parser in tcpdump before 4.9.2 has a buffer     over-read in print-decnet.c:decnet_print().
    (CVE-2017-12899)

  - The EIGRP parser in tcpdump before 4.9.2 has a buffer     over-read in print-eigrp.c:eigrp_print().
    (CVE-2017-12901)

  - The IPv6 parser in tcpdump before 4.9.2 has a buffer     over-read in print-ip6.c:ip6_print(). (CVE-2017-12985)

  - The telnet parser in tcpdump before 4.9.2 has a buffer     over-read in print-telnet.c:telnet_parse().
    (CVE-2017-12988)

  - The BGP parser in tcpdump before 4.9.2 has a buffer     over-read in print-bgp.c:bgp_attr_print().
    (CVE-2017-12991, CVE-2017-12994, CVE-2017-13046)

  - The RIPng parser in tcpdump before 4.9.2 has a buffer     over-read in print-ripng.c:ripng_print().
    (CVE-2017-12992)

  - The PIMv2 parser in tcpdump before 4.9.2 has a buffer     over-read in print-pim.c:pimv2_print(). (CVE-2017-12996)

  - The IS-IS parser in tcpdump before 4.9.2 has a buffer     over-read in print-isoclns.c:isis_print().
    (CVE-2017-12999)

  - The NFS parser in tcpdump before 4.9.2 has a buffer     over-read in print-nfs.c:nfs_printfh(). (CVE-2017-13001)

  - The AODV parser in tcpdump before 4.9.2 has a buffer     over-read in print-aodv.c:aodv_extension().
    (CVE-2017-13002)

  - The LMP parser in tcpdump before 4.9.2 has a buffer     over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

  - The NFS parser in tcpdump before 4.9.2 has a buffer     over-read in print-nfs.c:xid_map_enter().
    (CVE-2017-13005)

  - The L2TP parser in tcpdump before 4.9.2 has a buffer     over-read in print-l2tp.c, several functions.
    (CVE-2017-13006)

  - The BEEP parser in tcpdump before 4.9.2 has a buffer     over-read in print-beep.c:l_strnstart().
    (CVE-2017-13010)

  - The ARP parser in tcpdump before 4.9.2 has a buffer     over-read in print-arp.c, several functions.
    (CVE-2017-13013)

  - The EAP parser in tcpdump before 4.9.2 has a buffer     over-read in print-eap.c:eap_print(). (CVE-2017-13015)

  - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer     over-read in print-dhcp6.c:dhcp6opt_print().
    (CVE-2017-13017)

  - The PGM parser in tcpdump before 4.9.2 has a buffer     over-read in print-pgm.c:pgm_print(). (CVE-2017-13018,     CVE-2017-13019, CVE-2017-13034)

  - The VTP parser in tcpdump before 4.9.2 has a buffer     over-read in print-vtp.c:vtp_print(). (CVE-2017-13020,     CVE-2017-13033)

  - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer     over-read in print-icmp6.c:icmp6_print().
    (CVE-2017-13021)

  - The IP parser in tcpdump before 4.9.2 has a buffer over-     read in print-ip.c:ip_printroute(). (CVE-2017-13022)

  - The BOOTP parser in tcpdump before 4.9.2 has a buffer     over-read in print-bootp.c:bootp_print().
    (CVE-2017-13028)

  - The PIM parser in tcpdump before 4.9.2 has a buffer     over-read in print-pim.c, several functions.
    (CVE-2017-13030)

  - The IP parser in tcpdump before 4.9.2 has a buffer over-     read in print-ip.c:ip_printts(). (CVE-2017-13037)

  - The PPP parser in tcpdump before 4.9.2 has a buffer     over-read in print-ppp.c:handle_mlppp().
    (CVE-2017-13038)

  - The HNCP parser in tcpdump before 4.9.2 has a buffer     over-read in print-hncp.c:dhcpv6_print().
    (CVE-2017-13042)

  - The HNCP parser in tcpdump before 4.9.2 has a buffer     over-read in print-hncp.c:dhcpv4_print().
    (CVE-2017-13044)

  - The VQP parser in tcpdump before 4.9.2 has a buffer     over-read in print-vqp.c:vqp_print(). (CVE-2017-13045)

  - The RSVP parser in tcpdump before 4.9.2 has a buffer     over-read in print-rsvp.c:rsvp_obj_print().
    (CVE-2017-13048, CVE-2017-13051)

  - The Rx protocol parser in tcpdump before 4.9.2 has a     buffer over-read in print-rx.c:ubik_print().
    (CVE-2017-13049)

  - The CFM parser in tcpdump before 4.9.2 has a buffer     over-read in print-cfm.c:cfm_print(). (CVE-2017-13052)

  - The OLSR parser in tcpdump before 4.9.2 has a buffer     over-read in print-olsr.c:olsr_print(). (CVE-2017-13688)

  - The IKEv1 parser in tcpdump before 4.9.2 has a buffer     over-read in print-isakmp.c:ikev1_id_print().
    (CVE-2017-13689)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     lldp_print function in print-lldp.c, related to util-     print.c. (CVE-2017-11541)

  - tcpdump 4.9.0 has a heap-based buffer over-read in the     pimv1_print function in print-pim.c. (CVE-2017-11542)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components :

 - APFS
 - curl
 - Dictionary Widget
 - Kernel
 - StreamingZip
 - tcpdump
 - Wi-Fi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

An update of the tcpdump package has been released.

An update of [tcpdump] packages for PhotonOS has been released.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - 802.1X
  - apache
  - AppleScript
  - ATS
  - Audio
  - CFString
  - CoreText
  - curl
  - Dictionary Widget
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - ImageIO
  - Kernel
  - libarchive
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - Sandbox
  - StreamingZip
  - tcpdump
  - Wi-Fi

The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.1. It is, therefore, affected by multiple vulnerabilities in the following components :

  - APFS
  - curl
  - Dictionary Widget
  - Kernel
  - StreamingZip
  - tcpdump
  - Wi-Fi

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

This update for tcpdump to version 4.9.2 fixes several issues.

These security issues were fixed :

  - CVE-2017-11108: Prevent remote attackers to cause DoS     (heap-based buffer over-read and application crash) via     crafted packet data. The crash occured in the     EXTRACT_16BITS function, called from the stp_print     function for the Spanning Tree Protocol (bsc#1047873,     bsc#1057247).

  - CVE-2017-11543: Prevent buffer overflow in the     sliplink_print function in print-sl.c that allowed     remote DoS (bsc#1057247).

  - CVE-2017-13011: Prevent buffer overflow in     bittok2str_internal() that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12989: Prevent infinite loop in the RESP parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-12990: Prevent infinite loop in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12995: Prevent infinite loop in the DNS parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-12997: Prevent infinite loop in the LLDP parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-11541: Prevent heap-based buffer over-read in     the lldp_print function in print-lldp.c, related to     util-print.c that allowed remote DoS (bsc#1057247).

  - CVE-2017-11542: Prevent heap-based buffer over-read in     the pimv1_print function in print-pim.c that allowed     remote DoS (bsc#1057247).

  - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12894: Prevent buffer over-read in several     protocol parsers that allowed remote DoS (bsc#1057247)

  - CVE-2017-12895: Prevent buffer over-read in the ICMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12896: Prevent buffer over-read in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12898: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12899: Prevent buffer over-read in the DECnet     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12900: Prevent buffer over-read in the in     several protocol parsers that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12901: Prevent buffer over-read in the EIGRP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12902: Prevent buffer over-read in the Zephyr     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12985: Prevent buffer over-read in the IPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12986: Prevent buffer over-read in the IPv6     routing header parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12987: Prevent buffer over-read in the 802.11     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12988: Prevent buffer over-read in the telnet     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12991: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12992: Prevent buffer over-read in the RIPng     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12993: Prevent buffer over-read in the Juniper     protocols parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12994: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12996: Prevent buffer over-read in the PIMv2     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12998: Prevent buffer over-read in the IS-IS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12999: Prevent buffer over-read in the IS-IS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13000: Prevent buffer over-read in the IEEE     802.15.4 parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13001: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13002: Prevent buffer over-read in the AODV     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13003: Prevent buffer over-read in the LMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13004: Prevent buffer over-read in the Juniper     protocols parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13005: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13006: Prevent buffer over-read in the L2TP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13007: Prevent buffer over-read in the Apple     PKTAP parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13008: Prevent buffer over-read in the IEEE     802.11 parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13009: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13010: Prevent buffer over-read in the BEEP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13012: Prevent buffer over-read in the ICMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13013: Prevent buffer over-read in the ARP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13014: Prevent buffer over-read in the White     Board protocol parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-13015: Prevent buffer over-read in the EAP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13016: Prevent buffer over-read in the ISO     ES-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13017: Prevent buffer over-read in the DHCPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13018: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13019: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13020: Prevent buffer over-read in the VTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13021: Prevent buffer over-read in the ICMPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13022: Prevent buffer over-read in the IP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13023: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13024: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13025: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13026: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13027: Prevent buffer over-read in the LLDP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13028: Prevent buffer over-read in the BOOTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13029: Prevent buffer over-read in the PPP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13030: Prevent buffer over-read in the PIM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13031: Prevent buffer over-read in the IPv6     fragmentation header parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-13032: Prevent buffer over-read in the RADIUS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13033: Prevent buffer over-read in the VTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13034: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13035: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13036: Prevent buffer over-read in the OSPFv3     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13037: Prevent buffer over-read in the IP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13038: Prevent buffer over-read in the PPP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13039: Prevent buffer over-read in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13040: Prevent buffer over-read in the MPTCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13041: Prevent buffer over-read in the ICMPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13042: Prevent buffer over-read in the HNCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13043: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13044: Prevent buffer over-read in the HNCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13045: Prevent buffer over-read in the VQP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13046: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13047: Prevent buffer over-read in the ISO     ES-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13048: Prevent buffer over-read in the RSVP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13049: Prevent buffer over-read in the Rx     protocol parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13050: Prevent buffer over-read in the     RPKI-Router parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13051: Prevent buffer over-read in the RSVP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13052: Prevent buffer over-read in the CFM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13053: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13054: Prevent buffer over-read in the LLDP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13055: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13687: Prevent buffer over-read in the Cisco     HDLC parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13688: Prevent buffer over-read in the OLSR     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13689: Prevent buffer over-read in the IKEv1     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13690: Prevent buffer over-read in the IKEv2     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13725: Prevent buffer over-read in the IPv6     routing header parser that allowed remote DoS     (bsc#1057247)

  - Prevent segmentation fault in ESP decoder with OpenSSL     1.1 (bsc#1057247)

This update was imported from the SUSE:SLE-12:Update update project.

This update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed :

  - CVE-2017-11108: Prevent remote attackers to cause DoS     (heap-based buffer over-read and application crash) via     crafted packet data. The crash occured in the     EXTRACT_16BITS function, called from the stp_print     function for the Spanning Tree Protocol (bsc#1047873,     bsc#1057247).

  - CVE-2017-11543: Prevent buffer overflow in the     sliplink_print function in print-sl.c that allowed     remote DoS (bsc#1057247).

  - CVE-2017-13011: Prevent buffer overflow in     bittok2str_internal() that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12989: Prevent infinite loop in the RESP parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-12990: Prevent infinite loop in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12995: Prevent infinite loop in the DNS parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-12997: Prevent infinite loop in the LLDP parser     that allowed remote DoS (bsc#1057247)

  - CVE-2017-11541: Prevent heap-based buffer over-read in     the lldp_print function in print-lldp.c, related to     util-print.c that allowed remote DoS (bsc#1057247).

  - CVE-2017-11542: Prevent heap-based buffer over-read in     the pimv1_print function in print-pim.c that allowed     remote DoS (bsc#1057247).

  - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12894: Prevent buffer over-read in several     protocol parsers that allowed remote DoS (bsc#1057247)

  - CVE-2017-12895: Prevent buffer over-read in the ICMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12896: Prevent buffer over-read in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12898: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12899: Prevent buffer over-read in the DECnet     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12900: Prevent buffer over-read in the in     several protocol parsers that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12901: Prevent buffer over-read in the EIGRP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12902: Prevent buffer over-read in the Zephyr     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12985: Prevent buffer over-read in the IPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12986: Prevent buffer over-read in the IPv6     routing header parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-12987: Prevent buffer over-read in the 802.11     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12988: Prevent buffer over-read in the telnet     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12991: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12992: Prevent buffer over-read in the RIPng     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12993: Prevent buffer over-read in the Juniper     protocols parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12994: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12996: Prevent buffer over-read in the PIMv2     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12998: Prevent buffer over-read in the IS-IS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-12999: Prevent buffer over-read in the IS-IS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13000: Prevent buffer over-read in the IEEE     802.15.4 parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13001: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13002: Prevent buffer over-read in the AODV     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13003: Prevent buffer over-read in the LMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13004: Prevent buffer over-read in the Juniper     protocols parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13005: Prevent buffer over-read in the NFS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13006: Prevent buffer over-read in the L2TP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13007: Prevent buffer over-read in the Apple     PKTAP parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13008: Prevent buffer over-read in the IEEE     802.11 parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13009: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13010: Prevent buffer over-read in the BEEP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13012: Prevent buffer over-read in the ICMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13013: Prevent buffer over-read in the ARP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13014: Prevent buffer over-read in the White     Board protocol parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-13015: Prevent buffer over-read in the EAP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13016: Prevent buffer over-read in the ISO     ES-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13017: Prevent buffer over-read in the DHCPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13018: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13019: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13020: Prevent buffer over-read in the VTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13021: Prevent buffer over-read in the ICMPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13022: Prevent buffer over-read in the IP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13023: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13024: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13025: Prevent buffer over-read in the IPv6     mobility parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13026: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13027: Prevent buffer over-read in the LLDP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13028: Prevent buffer over-read in the BOOTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13029: Prevent buffer over-read in the PPP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13030: Prevent buffer over-read in the PIM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13031: Prevent buffer over-read in the IPv6     fragmentation header parser that allowed remote DoS     (bsc#1057247)

  - CVE-2017-13032: Prevent buffer over-read in the RADIUS     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13033: Prevent buffer over-read in the VTP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13034: Prevent buffer over-read in the PGM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13035: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13036: Prevent buffer over-read in the OSPFv3     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13037: Prevent buffer over-read in the IP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13038: Prevent buffer over-read in the PPP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13039: Prevent buffer over-read in the ISAKMP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13040: Prevent buffer over-read in the MPTCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13041: Prevent buffer over-read in the ICMPv6     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13042: Prevent buffer over-read in the HNCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13043: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13044: Prevent buffer over-read in the HNCP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13045: Prevent buffer over-read in the VQP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13046: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13047: Prevent buffer over-read in the ISO     ES-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13048: Prevent buffer over-read in the RSVP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13049: Prevent buffer over-read in the Rx     protocol parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13050: Prevent buffer over-read in the     RPKI-Router parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13051: Prevent buffer over-read in the RSVP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13052: Prevent buffer over-read in the CFM     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13053: Prevent buffer over-read in the BGP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13054: Prevent buffer over-read in the LLDP     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13055: Prevent buffer over-read in the ISO     IS-IS parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13687: Prevent buffer over-read in the Cisco     HDLC parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13688: Prevent buffer over-read in the OLSR     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13689: Prevent buffer over-read in the IKEv1     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13690: Prevent buffer over-read in the IKEv2     parser that allowed remote DoS (bsc#1057247)

  - CVE-2017-13725: Prevent buffer over-read in the IPv6     routing header parser that allowed remote DoS     (bsc#1057247)

  - Prevent segmentation fault in ESP decoder with OpenSSL     1.1 (bsc#1057247)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tcpdump fixes the following issues: Security issues fixed :

  - CVE-2017-11108: Crafted input allowed remote DoS     (bsc#1047873)

  - CVE-2017-11541: Prevent a heap-based buffer over-read in     the lldp_print function in print-lldp.c, related to     util-print.c (bsc#1057247).

  - CVE-2017-11542: Prevent a heap-based buffer over-read in     the pimv1_print function in print-pim.c (bsc#1057247).

  - CVE-2017-11543: Prevent a buffer overflow in the     sliplink_print function in print-sl.c (bsc#1057247).

  - CVE-2017-13011: Several protocol parsers in tcpdump     could have caused a buffer overflow in     util-print.c:bittok2str_internal() (bsc#1057247).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

tcpdump developers report :

Too many issues to detail, see CVE references for details.

The remote host is affected by the vulnerability described in GLSA-201709-23 (Tcpdump: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Tcpdump. Please review       the referenced CVE identifiers for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter utility function bittok2str_internal() in tcpdump. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomaki discovered logic errors in different protocol parsers in tcpdump that could lead to an infinite loop. A remote attacker could use these to cause a denial of service (application hang). CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz, Katie Holly, Kim Gwan Yeong, Antti Levomaki, Henri Salo, and Bhargava Shastry discovered out-of-bounds reads in muliptle protocol parsers in tcpdump. A remote attacker could use these to cause a denial of service (application crash). (CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash).

For Debian 7 'Wheezy', these problems have been fixed in version 4.9.0-1~deb7u2.

We recommend that you upgrade your tcpdump packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
132209	EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2674)	Nessus	Huawei Local Security Checks	high
131589	EulerOS 2.0 SP2 : tcpdump (EulerOS-SA-2019-2435)	Nessus	Huawei Local Security Checks	high
127275	NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Multiple Vulnerabilities (NS-SA-2019-0071)	Nessus	NewStart CGSL Local Security Checks	high
700512	macOS 10.13.x < 10.13.1 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
121730	Photon OS 1.0: Tcpdump PHSA-2017-0033	Nessus	PhotonOS Local Security Checks	high
111882	Photon OS 1.0: Tcpdump PHSA-2017-0033 (deprecated)	Nessus	PhotonOS Local Security Checks	high
104379	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)	Nessus	MacOS X Local Security Checks	critical
104378	macOS 10.13.x < 10.13.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
104239	openSUSE Security Update : tcpdump (openSUSE-2017-1205)	Nessus	SuSE Local Security Checks	high
104208	SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2017:2854-1)	Nessus	SuSE Local Security Checks	high
103769	SUSE SLES11 Security Update : tcpdump (SUSE-SU-2017:2690-1)	Nessus	SuSE Local Security Checks	high
103484	FreeBSD : tcpdump -- multiple vulnerabilities (eb03d642-6724-472d-b038-f2bf074e1fc8)	Nessus	FreeBSD Local Security Checks	high
103462	GLSA-201709-23 : Tcpdump: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
103218	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tcpdump vulnerabilities (USN-3415-1)	Nessus	Ubuntu Local Security Checks	high
103148	Debian DSA-3971-1 : tcpdump - security update	Nessus	Debian Local Security Checks	high
103091	Slackware 13.37 / 14.0 / 14.1 / 14.2 / current : tcpdump (SSA:2017-251-03)	Nessus	Slackware Local Security Checks	high
102982	Debian DLA-1090-1 : tcpdump security update	Nessus	Debian Local Security Checks	high
100472	AIX 5.3 TL 12 : tcpdump (IV94729)	Nessus	AIX Local Security Checks	high
100471	AIX 6.1 TL 9 : tcpdump (IV94728)	Nessus	AIX Local Security Checks	high
100470	AIX 7.1 TL 3 : tcpdump (IV94727)	Nessus	AIX Local Security Checks	high
100469	AIX 7.1 TL 4 : tcpdump (IV94726)	Nessus	AIX Local Security Checks	high
100468	AIX 7.2 TL 0 : tcpdump (IV94724)	Nessus	AIX Local Security Checks	high
100467	AIX 7.2 TL 1 : tcpdump (IV94723)	Nessus	AIX Local Security Checks	high

CVE-2017-11542

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins