RHEL 7 : tcpdump (RHSA-2017:1871)
critical Nessus Plugin ID 102148
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Red Hat host is missing one or more security updates.Description
An update for tcpdump is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.
The following packages have been upgraded to a later upstream version:
tcpdump (4.9.0). (BZ#1422473)
Security Fix(es) :
* Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)
Red Hat would like to thank the Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
Solution
Update the affected tcpdump and / or tcpdump-debuginfo packages.See Also
http://www.nessus.org/u?3395ff0b
https://access.redhat.com/errata/RHSA-2017:1871
https://access.redhat.com/security/cve/cve-2015-0261
https://access.redhat.com/security/cve/cve-2015-2153
https://access.redhat.com/security/cve/cve-2015-2154
https://access.redhat.com/security/cve/cve-2015-2155
https://access.redhat.com/security/cve/cve-2016-7922
https://access.redhat.com/security/cve/cve-2016-7923
https://access.redhat.com/security/cve/cve-2016-7924
https://access.redhat.com/security/cve/cve-2016-7925
https://access.redhat.com/security/cve/cve-2016-7926
https://access.redhat.com/security/cve/cve-2016-7927
https://access.redhat.com/security/cve/cve-2016-7928
https://access.redhat.com/security/cve/cve-2016-7929
https://access.redhat.com/security/cve/cve-2016-7930
https://access.redhat.com/security/cve/cve-2016-7931
https://access.redhat.com/security/cve/cve-2016-7932
https://access.redhat.com/security/cve/cve-2016-7933
https://access.redhat.com/security/cve/cve-2016-7934
https://access.redhat.com/security/cve/cve-2016-7935
https://access.redhat.com/security/cve/cve-2016-7936
https://access.redhat.com/security/cve/cve-2016-7937
https://access.redhat.com/security/cve/cve-2016-7938
https://access.redhat.com/security/cve/cve-2016-7939
https://access.redhat.com/security/cve/cve-2016-7940
https://access.redhat.com/security/cve/cve-2016-7973
https://access.redhat.com/security/cve/cve-2016-7974
https://access.redhat.com/security/cve/cve-2016-7975
https://access.redhat.com/security/cve/cve-2016-7983
https://access.redhat.com/security/cve/cve-2016-7984
https://access.redhat.com/security/cve/cve-2016-7985
https://access.redhat.com/security/cve/cve-2016-7986
https://access.redhat.com/security/cve/cve-2016-7992
https://access.redhat.com/security/cve/cve-2016-7993
https://access.redhat.com/security/cve/cve-2016-8574
https://access.redhat.com/security/cve/cve-2016-8575
https://access.redhat.com/security/cve/cve-2017-5202
https://access.redhat.com/security/cve/cve-2017-5203
https://access.redhat.com/security/cve/cve-2017-5204
https://access.redhat.com/security/cve/cve-2017-5205
https://access.redhat.com/security/cve/cve-2017-5341
https://access.redhat.com/security/cve/cve-2017-5342
https://access.redhat.com/security/cve/cve-2017-5482
https://access.redhat.com/security/cve/cve-2017-5483
https://access.redhat.com/security/cve/cve-2017-5484
Plugin Details
Severity: Critical
ID: 102148
File Name: redhat-RHSA-2017-1871.nasl
Version: 3.11
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 8/3/2017
Updated: 10/24/2019
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:tcpdump, p-cpe:/a:redhat:enterprise_linux:tcpdump-debuginfo, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.4, cpe:/o:redhat:enterprise_linux:7.5, cpe:/o:redhat:enterprise_linux:7.6, cpe:/o:redhat:enterprise_linux:7.7
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/1/2017
Vulnerability Publication Date: 3/24/2015
Reference Information
CVE: CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486
RHSA: 2017:1871