This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.

Updated tcpdump package fixes security vulnerabilities :

The Tcpdump program could crash when processing a malformed OLSR
payload when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector
(AODV) protocol in Tcpdump fails to perform input validation and
performs unsafe out-of-bound accesses. The application will usually
not crash, but perform out-of-bounds accesses and output/leak larger
amounts of invalid data, which might lead to dropped packets. It is
unknown if a payload exists that might trigger segfaults

It was discovered that tcpdump incorrectly handled printing PPP
packets. A remote attacker could use this issue to cause tcpdump to
crash, resulting in a denial of service, or possibly execute arbitrary

Several vulnerabilities have been discovered in tcpdump. These
vulnerabilities might result in denial of service (application crash)
or, potentially, execution of arbitrary code (CVE-2015-0261,
CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).

Update the affected tcpdump package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Mandriva Local Security Checks
Nessus Plugin ID: 82378