SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)

critical Nessus Plugin ID 150563

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14191-1 advisory.

- The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
(CVE-2017-12893)

- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

- The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
(CVE-2017-12896)

- The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
(CVE-2017-12897)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
(CVE-2017-12898)

- The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
(CVE-2017-12899)

- Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). (CVE-2017-12900)

- The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
(CVE-2017-12901)

- The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
(CVE-2017-12902)

- The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
(CVE-2017-12985)

- The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
(CVE-2017-12986, CVE-2017-13725)

- The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
(CVE-2017-12987, CVE-2017-13008)

- The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
(CVE-2017-12988)

- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
(CVE-2017-12991)

- The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
(CVE-2017-12992)

- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)

- The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). (CVE-2017-12995)

- The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
(CVE-2017-12996)

- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)

- The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
(CVE-2017-12999)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
(CVE-2017-13001)

- The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
(CVE-2017-13002)

- The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

- The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). (CVE-2017-13004)

- The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
(CVE-2017-13005)

- The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
(CVE-2017-13006)

- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). (CVE-2017-13009)

- The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
(CVE-2017-13010)

- The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2017-13012)

- The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
(CVE-2017-13013)

- The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)

- The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
(CVE-2017-13016, CVE-2017-13047)

- The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
(CVE-2017-13017)

- The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)

- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
(CVE-2017-13021)

- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
(CVE-2017-13022)

- The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)

- The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
(CVE-2017-13027)

- The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
(CVE-2017-13028)

- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
(CVE-2017-13029)

- The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
(CVE-2017-13030)

- The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). (CVE-2017-13031)

- The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
(CVE-2017-13032)

- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
(CVE-2017-13035)

- The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
(CVE-2017-13036)

- The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)

- The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
(CVE-2017-13038)

- The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
(CVE-2017-13041)

- The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2017-13048, CVE-2017-13051)

- The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
(CVE-2017-13049)

- The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
(CVE-2017-13053)

- The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

- The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
(CVE-2017-13687)

- The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
(CVE-2017-13688)

- The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
(CVE-2017-13689)

- tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)

- tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)

- The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
(CVE-2018-14461)

- The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
(CVE-2018-14462)

- The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
(CVE-2018-14463)

- The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)

- The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
(CVE-2018-14465)

- The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)

- The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
(CVE-2018-14468)

- The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
(CVE-2018-14469)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)

- The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)

- The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
(CVE-2018-16229)

- The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)

- The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-16301)

- The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)

- The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
(CVE-2018-16452)

- lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
(CVE-2019-15166)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected tcpdump package.

See Also

https://bugzilla.suse.com/1057247

https://bugzilla.suse.com/1153098

https://bugzilla.suse.com/1153332

http://www.nessus.org/u?e03f0e89

https://www.suse.com/security/cve/CVE-2017-12893

https://www.suse.com/security/cve/CVE-2017-12894

https://www.suse.com/security/cve/CVE-2017-12896

https://www.suse.com/security/cve/CVE-2017-12897

https://www.suse.com/security/cve/CVE-2017-12898

https://www.suse.com/security/cve/CVE-2017-12899

https://www.suse.com/security/cve/CVE-2017-12900

https://www.suse.com/security/cve/CVE-2017-12901

https://www.suse.com/security/cve/CVE-2017-12902

https://www.suse.com/security/cve/CVE-2017-12985

https://www.suse.com/security/cve/CVE-2017-12986

https://www.suse.com/security/cve/CVE-2017-12987

https://www.suse.com/security/cve/CVE-2017-12988

https://www.suse.com/security/cve/CVE-2017-12991

https://www.suse.com/security/cve/CVE-2017-12992

https://www.suse.com/security/cve/CVE-2017-12993

https://www.suse.com/security/cve/CVE-2017-12995

https://www.suse.com/security/cve/CVE-2017-12996

https://www.suse.com/security/cve/CVE-2017-12998

https://www.suse.com/security/cve/CVE-2017-12999

https://www.suse.com/security/cve/CVE-2017-13001

https://www.suse.com/security/cve/CVE-2017-13002

https://www.suse.com/security/cve/CVE-2017-13003

https://www.suse.com/security/cve/CVE-2017-13004

https://www.suse.com/security/cve/CVE-2017-13005

https://www.suse.com/security/cve/CVE-2017-13006

https://www.suse.com/security/cve/CVE-2017-13008

https://www.suse.com/security/cve/CVE-2017-13009

https://www.suse.com/security/cve/CVE-2017-13010

https://www.suse.com/security/cve/CVE-2017-13012

https://www.suse.com/security/cve/CVE-2017-13013

https://www.suse.com/security/cve/CVE-2017-13014

https://www.suse.com/security/cve/CVE-2017-13016

https://www.suse.com/security/cve/CVE-2017-13017

https://www.suse.com/security/cve/CVE-2017-13018

https://www.suse.com/security/cve/CVE-2017-13019

https://www.suse.com/security/cve/CVE-2017-13021

https://www.suse.com/security/cve/CVE-2017-13022

https://www.suse.com/security/cve/CVE-2017-13023

https://www.suse.com/security/cve/CVE-2017-13024

https://www.suse.com/security/cve/CVE-2017-13025

https://www.suse.com/security/cve/CVE-2017-13027

https://www.suse.com/security/cve/CVE-2017-13028

https://www.suse.com/security/cve/CVE-2017-13029

https://www.suse.com/security/cve/CVE-2017-13030

https://www.suse.com/security/cve/CVE-2017-13031

https://www.suse.com/security/cve/CVE-2017-13032

https://www.suse.com/security/cve/CVE-2017-13034

https://www.suse.com/security/cve/CVE-2017-13035

https://www.suse.com/security/cve/CVE-2017-13036

https://www.suse.com/security/cve/CVE-2017-13037

https://www.suse.com/security/cve/CVE-2017-13038

https://www.suse.com/security/cve/CVE-2017-13041

https://www.suse.com/security/cve/CVE-2017-13047

https://www.suse.com/security/cve/CVE-2017-13048

https://www.suse.com/security/cve/CVE-2017-13049

https://www.suse.com/security/cve/CVE-2017-13051

https://www.suse.com/security/cve/CVE-2017-13053

https://www.suse.com/security/cve/CVE-2017-13055

https://www.suse.com/security/cve/CVE-2017-13687

https://www.suse.com/security/cve/CVE-2017-13688

https://www.suse.com/security/cve/CVE-2017-13689

https://www.suse.com/security/cve/CVE-2017-13725

https://www.suse.com/security/cve/CVE-2018-10103

https://www.suse.com/security/cve/CVE-2018-10105

https://www.suse.com/security/cve/CVE-2018-14461

https://www.suse.com/security/cve/CVE-2018-14462

https://www.suse.com/security/cve/CVE-2018-14463

https://www.suse.com/security/cve/CVE-2018-14464

https://www.suse.com/security/cve/CVE-2018-14465

https://www.suse.com/security/cve/CVE-2018-14466

https://www.suse.com/security/cve/CVE-2018-14467

https://www.suse.com/security/cve/CVE-2018-14468

https://www.suse.com/security/cve/CVE-2018-14469

https://www.suse.com/security/cve/CVE-2018-14881

https://www.suse.com/security/cve/CVE-2018-14882

https://www.suse.com/security/cve/CVE-2018-16229

https://www.suse.com/security/cve/CVE-2018-16230

https://www.suse.com/security/cve/CVE-2018-16300

https://www.suse.com/security/cve/CVE-2018-16301

https://www.suse.com/security/cve/CVE-2018-16451

https://www.suse.com/security/cve/CVE-2018-16452

https://www.suse.com/security/cve/CVE-2019-15166

Plugin Details

Severity: Critical

ID: 150563

File Name: suse_SU-2019-14191-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2018-16301

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:tcpdump, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2019

Vulnerability Publication Date: 9/11/2017

Reference Information

CVE: CVE-2017-12893, CVE-2017-12894, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12995, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13041, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13051, CVE-2017-13053, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13725, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14881, CVE-2018-14882, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16301, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166

SuSE: SUSE-SU-2019:14191-1