SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)

critical Nessus Plugin ID 150563

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14191-1 advisory.

- The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
(CVE-2017-12893)

- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

- The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
(CVE-2017-12896)

- The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
(CVE-2017-12897)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
(CVE-2017-12898)

- The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
(CVE-2017-12899)

- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). (CVE-2017-12900)

- The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
(CVE-2017-12901)

- The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
(CVE-2017-12902)

- The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
(CVE-2017-12985)

- The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
(CVE-2017-12986, CVE-2017-13725)

- The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
(CVE-2017-12987, CVE-2017-13008)

- The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
(CVE-2017-12988)

- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
(CVE-2017-12991)

- The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
(CVE-2017-12992)

- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)

- The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). (CVE-2017-12995)

- The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
(CVE-2017-12996)

- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)

- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
(CVE-2017-12999)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
(CVE-2017-13001)

- The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
(CVE-2017-13002)

- The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
(CVE-2017-13005)

- The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
(CVE-2017-13006)

- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). (CVE-2017-13009)

- The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
(CVE-2017-13010)

- The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2017-13012)

- The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
(CVE-2017-13013)

- The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)

- The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
(CVE-2017-13016, CVE-2017-13047)

- The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
(CVE-2017-13017)

- The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)

- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
(CVE-2017-13021)

- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
(CVE-2017-13022)

- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)

- The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
(CVE-2017-13027)

- The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
(CVE-2017-13028)

- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
(CVE-2017-13029)

- The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
(CVE-2017-13030)

- The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (CVE-2017-13031)

- The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
(CVE-2017-13032)

- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
(CVE-2017-13035)

- The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
(CVE-2017-13036)

- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)

- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
(CVE-2017-13038)

- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
(CVE-2017-13041)

- The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2017-13048, CVE-2017-13051)

- The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
(CVE-2017-13049)

- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
(CVE-2017-13053)

- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

- The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
(CVE-2017-13687)

- The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
(CVE-2017-13688)

- The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
(CVE-2017-13689)

- tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)

- tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)

- The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
(CVE-2018-14461)

- The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2018-14462)

- The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
(CVE-2018-14463)

- The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)

- The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2018-14465)

- The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)

- The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
(CVE-2018-14468)

- The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
(CVE-2018-14469)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)

- The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)

- The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
(CVE-2018-16229)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)

- The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-16301)

- The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)

- The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
(CVE-2018-16452)

- lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
(CVE-2019-15166)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected tcpdump package.

See Also

https://bugzilla.suse.com/1057247

https://bugzilla.suse.com/1153098

https://bugzilla.suse.com/1153332

http://www.nessus.org/u?e03f0e89

https://www.suse.com/security/cve/CVE-2017-12893

https://www.suse.com/security/cve/CVE-2017-12894

https://www.suse.com/security/cve/CVE-2017-12896

https://www.suse.com/security/cve/CVE-2017-12897

https://www.suse.com/security/cve/CVE-2017-12898

https://www.suse.com/security/cve/CVE-2017-12899

https://www.suse.com/security/cve/CVE-2017-12900

https://www.suse.com/security/cve/CVE-2017-12901

https://www.suse.com/security/cve/CVE-2017-12902

https://www.suse.com/security/cve/CVE-2017-12985

https://www.suse.com/security/cve/CVE-2017-12986

https://www.suse.com/security/cve/CVE-2017-12987

https://www.suse.com/security/cve/CVE-2017-12988

https://www.suse.com/security/cve/CVE-2017-12991

https://www.suse.com/security/cve/CVE-2017-12992

https://www.suse.com/security/cve/CVE-2017-12993

https://www.suse.com/security/cve/CVE-2017-12995

https://www.suse.com/security/cve/CVE-2017-12996

https://www.suse.com/security/cve/CVE-2017-12998

https://www.suse.com/security/cve/CVE-2017-12999

https://www.suse.com/security/cve/CVE-2017-13001

https://www.suse.com/security/cve/CVE-2017-13002

https://www.suse.com/security/cve/CVE-2017-13003

https://www.suse.com/security/cve/CVE-2017-13004

https://www.suse.com/security/cve/CVE-2017-13005

https://www.suse.com/security/cve/CVE-2017-13006

https://www.suse.com/security/cve/CVE-2017-13008

https://www.suse.com/security/cve/CVE-2017-13009

https://www.suse.com/security/cve/CVE-2017-13010

https://www.suse.com/security/cve/CVE-2017-13012

https://www.suse.com/security/cve/CVE-2017-13013

https://www.suse.com/security/cve/CVE-2017-13014

https://www.suse.com/security/cve/CVE-2017-13016

https://www.suse.com/security/cve/CVE-2017-13017

https://www.suse.com/security/cve/CVE-2017-13018

https://www.suse.com/security/cve/CVE-2017-13019

https://www.suse.com/security/cve/CVE-2017-13021

https://www.suse.com/security/cve/CVE-2017-13022

https://www.suse.com/security/cve/CVE-2017-13023

https://www.suse.com/security/cve/CVE-2017-13024

https://www.suse.com/security/cve/CVE-2017-13025

https://www.suse.com/security/cve/CVE-2017-13027

https://www.suse.com/security/cve/CVE-2017-13028

https://www.suse.com/security/cve/CVE-2017-13029

https://www.suse.com/security/cve/CVE-2017-13030

https://www.suse.com/security/cve/CVE-2017-13031

https://www.suse.com/security/cve/CVE-2017-13032

https://www.suse.com/security/cve/CVE-2017-13034

https://www.suse.com/security/cve/CVE-2017-13035

https://www.suse.com/security/cve/CVE-2017-13036

https://www.suse.com/security/cve/CVE-2017-13037

https://www.suse.com/security/cve/CVE-2017-13038

https://www.suse.com/security/cve/CVE-2017-13041

https://www.suse.com/security/cve/CVE-2017-13047

https://www.suse.com/security/cve/CVE-2017-13048

https://www.suse.com/security/cve/CVE-2017-13049

https://www.suse.com/security/cve/CVE-2017-13051

https://www.suse.com/security/cve/CVE-2017-13053

https://www.suse.com/security/cve/CVE-2017-13055

https://www.suse.com/security/cve/CVE-2017-13687

https://www.suse.com/security/cve/CVE-2017-13688

https://www.suse.com/security/cve/CVE-2017-13689

https://www.suse.com/security/cve/CVE-2017-13725

https://www.suse.com/security/cve/CVE-2018-10103

https://www.suse.com/security/cve/CVE-2018-10105

https://www.suse.com/security/cve/CVE-2018-14461

https://www.suse.com/security/cve/CVE-2018-14462

https://www.suse.com/security/cve/CVE-2018-14463

https://www.suse.com/security/cve/CVE-2018-14464

https://www.suse.com/security/cve/CVE-2018-14465

https://www.suse.com/security/cve/CVE-2018-14466

https://www.suse.com/security/cve/CVE-2018-14467

https://www.suse.com/security/cve/CVE-2018-14468

https://www.suse.com/security/cve/CVE-2018-14469

https://www.suse.com/security/cve/CVE-2018-14881

https://www.suse.com/security/cve/CVE-2018-14882

https://www.suse.com/security/cve/CVE-2018-16229

https://www.suse.com/security/cve/CVE-2018-16230

https://www.suse.com/security/cve/CVE-2018-16300

https://www.suse.com/security/cve/CVE-2018-16301

https://www.suse.com/security/cve/CVE-2018-16451

https://www.suse.com/security/cve/CVE-2018-16452

https://www.suse.com/security/cve/CVE-2019-15166

Plugin Details

Severity: Critical

ID: 150563

File Name: suse_SU-2019-14191-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Source: CVE-2018-16301

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:tcpdump, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2019

Vulnerability Publication Date: 9/11/2017

Reference Information

CVE: CVE-2017-12893, CVE-2017-12894, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12995, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13041, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13051, CVE-2017-13053, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13725, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14881, CVE-2018-14882, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16301, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166

SuSE: SUSE-SU-2019:14191-1