106098

https://github.com/zyingp/temp/blob/master/tcpdump.md

FEDORA-2019-6db0d5b9d9

FEDORA-2019-d06bc63433

FEDORA-2019-85d92df70f

Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization. (CVE-2018-19519)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tcpdump packages installed that are affected by a vulnerability:

  - In tcpdump 4.9.2, a stack-based buffer over-read exists     in the print_prefix function of print-hncp.c via crafted     packet data because of missing initialization.
    (CVE-2018-19519)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the tcpdump package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126:
    Buffer Over-read. The impact is: May expose Saved Frame     Pointer, Return Address etc. on stack. The component     is: line 234: 'ND_PRINT((ndo, '%s', buf))', in function     named 'print_prefix', in 'print-hncp.c'. The attack     vector is: The victim must open a specially crafted     pcap file.(CVE-2019-1010220)

  - In tcpdump 4.9.2, a stack-based buffer over-read exists     in the print_prefix function of print-hncp.c via     crafted packet data because of missing     initialization.(CVE-2018-19519)

  - This candidate has been reserved by an organization or     individual that will use it when announcing a new     security problem. When the candidate has been     publicized, the details for this candidate will be     provided.(CVE-2019-15167)

  - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump     before 4.9.3 lacks certain bounds     checks.(CVE-2019-15166)

  - The HNCP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-hncp.c:print_prefix().(CVE-2018-16228)

  - The BGP parser in tcpdump before 4.9.3 allows stack     consumption in print-bgp.c:bgp_attr_print() because of     unlimited recursion.(CVE-2018-16300)

  - The SMB parser in tcpdump before 4.9.3 has stack     exhaustion in smbutil.c:smb_fdata() via     recursion.(CVE-2018-16452)

  - The BGP parser in tcpdump before 4.9.3 has a buffer     over-read in print-bgp.c:bgp_attr_print()     (MP_REACH_NLRI).(CVE-2018-16230)

  - libpcap before 1.9.1, as used in tcpdump before 4.9.3,     has a buffer overflow and/or over-read because of     errors in pcapng reading.(CVE-2018-16301)

  - The DCCP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-dccp.c:dccp_print_option().(CVE-2018-16229)

  - The IEEE 802.11 parser in tcpdump before 4.9.3 has a     buffer over-read in print-802_11.c for the Mesh Flags     subfield.(CVE-2018-16227)

  - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer     over-read in print-icmp6.c.(CVE-2018-14882)

  - The SMB parser in tcpdump before 4.9.3 has buffer     over-reads in print-smb.c:print_trans() for     \MAILSLOT\BROWSE and \PIPE\LANMAN.(CVE-2018-16451)

  - The OSPFv3 parser in tcpdump before 4.9.3 has a buffer     over-read in     print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)

  - tcpdump before 4.9.3 mishandles the printing of SMB     data (issue 2 of 2).(CVE-2018-10105)

  - tcpdump before 4.9.3 mishandles the printing of SMB     data (issue 1 of 2).(CVE-2018-10103)

  - The BGP parser in tcpdump before 4.9.3 has a buffer     over-read in print-bgp.c:bgp_capabilities_print()     (BGP_CAPCODE_MP).(CVE-2018-14467)

  - The VRRP parser in tcpdump before 4.9.3 has a buffer     over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463)

  - The LMP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144     64)

  - The BGP parser in tcpdump before 4.9.3 has a buffer     over-read in print-bgp.c:bgp_capabilities_print()     (BGP_CAPCODE_RESTART).(CVE-2018-14881)

  - The RSVP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)

  - The ICMP parser in tcpdump before 4.9.3 has a buffer     over-read in print-icmp.c:icmp_print().(CVE-2018-14462)

  - The LDP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-ldp.c:ldp_tlv_print().(CVE-2018-14461)

  - The Rx parser in tcpdump before 4.9.3 has a buffer     over-read in print-rx.c:rx_cache_find() and     rx_cache_insert().(CVE-2018-14466)

  - The Babel parser in tcpdump before 4.9.3 has a buffer     over-read in     print-babel.c:babel_print_v2().(CVE-2018-14470)

  - The IKEv1 parser in tcpdump before 4.9.3 has a buffer     over-read in     print-isakmp.c:ikev1_n_print().(CVE-2018-14469)

  - The FRF.16 parser in tcpdump before 4.9.3 has a buffer     over-read in print-fr.c:mfr_print().(CVE-2018-14468)

  - tcpdump 4.9.2 has a heap-based buffer over-read related     to aoe_print in print-aoe.c and lookup_emem in     addrtoname.c.(CVE-2017-16808)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tcpdump packages installed that are affected by a vulnerability:

  - In tcpdump 4.9.2, a stack-based buffer over-read exists     in the print_prefix function of print-hncp.c via crafted     packet data because of missing initialization.
    (CVE-2018-19519)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Security Fix(es) :

  - tcpdump: Stack-based buffer over-read in     print-hncp.c:print_prefix() via crafted pcap     (CVE-2018-19519)

An update for tcpdump is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es) :

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

From Red Hat Security Advisory 2019:3976 :

An update for tcpdump is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es) :

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The tcpdump packages contain the tcpdump utility for     monitoring network traffic. The tcpdump utility can     capture and display the packet headers on a particular     network interface or on all interfaces.Security     Fix(es):tcpdump before 4.9.3 has a heap-based buffer     over-read related to aoe_print in print-aoe.c and     lookup_emem in addrtoname.c.(CVE-2017-16808)The FRF.16     parser in tcpdump before 4.9.3 has a buffer over-read     in print-fr.c:mfr_print().(CVE-2018-14468)The IKEv1     parser in tcpdump before 4.9.3 has a buffer over-read     in print-isakmp.c:ikev1_n_print().(CVE-2018-14469)The     Babel parser in tcpdump before 4.9.3 has a buffer     over-read in     print-babel.c:babel_print_v2().(CVE-2018-14470)The Rx     parser in tcpdump before 4.9.3 has a buffer over-read     in print-rx.c:rx_cache_find() and     rx_cache_insert().(CVE-2018-14466)The LDP parser in     tcpdump before 4.9.3 has a buffer over-read in     print-ldp.c:ldp_tlv_print().(CVE-2018-14461)The ICMP     parser in tcpdump before 4.9.3 has a buffer over-read     in print-icmp.c:icmp_print().(CVE-2018-14462)The RSVP     parser in tcpdump before 4.9.3 has a buffer over-read     in print-rsvp.c:rsvp_obj_print().(CVE-2018-14465)The     BGP parser in tcpdump before 4.9.3 has a buffer     over-read in print-bgp.c:bgp_capabilities_print()     (BGP_CAPCODE_RESTART).(CVE-2018-14881)The LMP parser in     tcpdump before 4.9.3 has a buffer over-read in     print-lmp.c:lmp_print_data_link_subobjs().(CVE-2018-144     64)The VRRP parser in tcpdump before 4.9.3 has a buffer     over-read in     print-vrrp.c:vrrp_print().(CVE-2018-14463)The BGP     parser in tcpdump before 4.9.3 has a buffer over-read     in print-bgp.c:bgp_capabilities_print()     (BGP_CAPCODE_MP).(CVE-2018-14467)tcpdump before 4.9.3     mishandles the printing of SMB data (issue 1 of     2).(CVE-2018-10103)tcpdump before 4.9.3 mishandles the     printing of SMB data (issue 2 of 2).(CVE-2018-10105)The     OSPFv3 parser in tcpdump before 4.9.3 has a buffer     over-read in     print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880)The     SMB parser in tcpdump before 4.9.3 has buffer     over-reads in print-smb.c:print_trans() for     \MAILSLOT\BROWSE and \PIPE\LANMAN.(CVE-2018-16451)The     ICMPv6 parser in tcpdump before 4.9.3 has a buffer     over-read in print-icmp6.c.(CVE-2018-14882)The IEEE     802.11 parser in tcpdump before 4.9.3 has a buffer     over-read in print-802_11.c for the Mesh Flags     subfield.(CVE-2018-16227)The DCCP parser in tcpdump     before 4.9.3 has a buffer over-read in     print-dccp.c:dccp_print_option().(CVE-2018-16229)libpca     p before 1.9.1, as used in tcpdump before 4.9.3, has a     buffer overflow and/or over-read because of errors in     pcapng reading.(CVE-2018-16301)The BGP parser in     tcpdump before 4.9.3 has a buffer over-read in     print-bgp.c:bgp_attr_print()     (MP_REACH_NLRI).(CVE-2018-16230)The SMB parser in     tcpdump before 4.9.3 has stack exhaustion in     smbutil.c:smb_fdata() via recursion.(CVE-2018-16452)The     BGP parser in tcpdump before 4.9.3 allows stack     consumption in print-bgp.c:bgp_attr_print() because of     unlimited recursion.(CVE-2018-16300)The HNCP parser in     tcpdump before 4.9.3 has a buffer over-read in     print-hncp.c:print_prefix().(CVE-2018-16228)lmp_print_d     ata_link_subobjs() in print-lmp.c in tcpdump before     4.9.3 lacks certain bounds     checks.(CVE-2019-15166)tcpdump.org tcpdump 4.9.2 is     affected by: CWE-126: Buffer Over-read. The impact is:
    May expose Saved Frame Pointer, Return Address etc. on     stack. The component is: line 234: 'ND_PRINT((ndo,     '%s', buf))', in function named 'print_prefix', in     'print-hncp.c'. The attack vector is: The victim must     open a specially crafted pcap file.(CVE-2019-1010220)In     tcpdump 4.9.2, a stack-based buffer over-read exists in     the print_prefix function of print-hncp.c via crafted     packet data because of missing     initialization.(CVE-2018-19519)The command-line     argument parser in tcpdump before 4.9.3 has a buffer     overflow in tcpdump.c:get_next_file().(CVE-2018-14879)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In tcpdump 4.9.2, a stack-based buffer over-read exists     in the print_prefix function of print-hncp.c via     crafted packet data because of missing     initialization.(CVE-2018-19519)

  - tcpdump 4.9.2 has a heap-based buffer over-read related     to aoe_print in print-aoe.c and lookup_emem in     addrtoname.c.(CVE-2017-16808)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126:
    Buffer Over-read. The impact is: May expose Saved Frame     Pointer, Return Address etc. on stack. The victim must     open a specially crafted pcap file. (CVE-2019-1010220)

  - In tcpdump 4.9.2, a stack-based buffer over-read exists     in the print_prefix function of print-hncp.c via     crafted packet data because of missing     initialization.(CVE-2018-19519)

  - tcpdump 4.9.2 has a heap-based buffer over-read related     to aoe_print in print-aoe.c and lookup_emem in     addrtoname.c.(CVE-2017-16808)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New version 4.9.3, Security fix for CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167, CVE-2017-16808, CVE-2018-14882, CVE-2018-19519

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the tcpdump package has been released.

This update for tcpdump fixes the following issues :

Security issues fixed :

  - CVE-2018-19519: Fixed a stack-based buffer over-read in     the print_prefix function (bsc#1117267)

This update was imported from the SUSE:SLE-15:Update update project.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19519 Tcpdump is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the print_prefix function of print-hncp.c. By using a specially-crafted packet data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

This update for tcpdump fixes the following issues :

Security issues fixed :

CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tcpdump fixes the following security issue :

  - CVE-2018-19519: Fixed a stack-based buffer over-read in     the print_prefix function (bsc#1117267)

This update was imported from the SUSE:SLE-12:Update update project.

ID	Name	Product	Family	Severity
133291	Ubuntu 16.04 LTS / 18.04 LTS : tcpdump vulnerabilities (USN-4252-1)	Nessus	Ubuntu Local Security Checks	high
133095	Amazon Linux 2 : tcpdump (ALAS-2020-1385)	Nessus	Amazon Linux Local Security Checks	medium
133077	NewStart CGSL CORE 5.05 / MAIN 5.05 : tcpdump Vulnerability (NS-SA-2020-0008)	Nessus	NewStart CGSL Local Security Checks	medium
132826	EulerOS Virtualization for ARM 64 3.0.5.0 : tcpdump (EulerOS-SA-2020-1072)	Nessus	Huawei Local Security Checks	high
132500	NewStart CGSL CORE 5.04 / MAIN 5.04 : tcpdump Vulnerability (NS-SA-2019-0266)	Nessus	NewStart CGSL Local Security Checks	medium
131680	Scientific Linux Security Update : tcpdump on SL7.x x86_64 (20191202)	Nessus	Scientific Linux Local Security Checks	medium
131570	CentOS 7 : tcpdump (CESA-2019:3976)	Nessus	CentOS Local Security Checks	medium
131518	Oracle Linux 7 : tcpdump (ELSA-2019-3976)	Nessus	Oracle Linux Local Security Checks	medium
131377	RHEL 7 : tcpdump (RHSA-2019:3976)	Nessus	Red Hat Local Security Checks	medium
131371	EulerOS 2.0 SP8 : tcpdump (EulerOS-SA-2019-2305)	Nessus	Huawei Local Security Checks	high
130719	EulerOS 2.0 SP3 : tcpdump (EulerOS-SA-2019-2257)	Nessus	Huawei Local Security Checks	medium
130695	EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2233)	Nessus	Huawei Local Security Checks	medium
130370	Fedora 31 : 14:tcpdump (2019-6db0d5b9d9)	Nessus	Fedora Local Security Checks	high
130321	Fedora 30 : 14:tcpdump (2019-d06bc63433)	Nessus	Fedora Local Security Checks	high
130308	Fedora 29 : 14:tcpdump (2019-85d92df70f)	Nessus	Fedora Local Security Checks	high
125162	Photon OS 1.0: Tcpdump PHSA-2019-1.0-0218	Nessus	PhotonOS Local Security Checks	medium
123155	openSUSE Security Update : tcpdump (openSUSE-2019-1016)	Nessus	SuSE Local Security Checks	medium
122429	AIX 7.2 TL 3 : tcpdump (IJ12983)	Nessus	AIX Local Security Checks	medium
122428	AIX 7.2 TL 2 : tcpdump (IJ12982)	Nessus	AIX Local Security Checks	medium
122427	AIX 7.2 TL 1 : tcpdump (IJ12981)	Nessus	AIX Local Security Checks	medium
122426	AIX 7.1 TL 5 : tcpdump (IJ12980)	Nessus	AIX Local Security Checks	medium
122425	AIX 7.1 TL 4 : tcpdump (IJ12979)	Nessus	AIX Local Security Checks	medium
120187	SUSE SLED15 / SLES15 Security Update : tcpdump (SUSE-SU-2018:4131-1)	Nessus	SuSE Local Security Checks	medium
119857	openSUSE Security Update : tcpdump (openSUSE-2018-1589)	Nessus	SuSE Local Security Checks	medium
119742	SUSE SLED12 / SLES12 Security Update : tcpdump (SUSE-SU-2018:4149-1)	Nessus	SuSE Local Security Checks	medium
119715	openSUSE Security Update : tcpdump (openSUSE-2018-1559)	Nessus	SuSE Local Security Checks	medium

CVE-2018-19519

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins