Detections
Analytics

MiracleLinux 7 : tcpdump-4.9.0-5.el7 (AXSA:2017-1761:01)

critical Nessus Plugin ID 289256

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1761:01 advisory.

 Tcpdump is a command-line tool for monitoring network traffic.
 Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria.
 Install tcpdump if you need a program to monitor network traffic.
 CVE-2015-0261 Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
 CVE-2015-2153 The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
 CVE-2015-2154 The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
 CVE-2015-2155 The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
 CVE-2016-7922 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
 CVE-2016-7923 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
 CVE-2016-7924 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
 CVE-2016-7925 The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
 CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
 CVE-2016-7927 The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
 CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
 CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
 CVE-2016-7930 The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
 CVE-2016-7931 The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
 CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
 CVE-2016-7933 The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 CVE-2016-7934 The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
 CVE-2016-7935 The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
 CVE-2016-7936 The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
 CVE-2016-7937 The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
 CVE-2016-7938 The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
 CVE-2016-7939 The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
 CVE-2016-7940 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
 CVE-2016-7973 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
 CVE-2016-7974 The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
 CVE-2016-7975 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
 CVE-2016-7983 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
 CVE-2016-7984 The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
 CVE-2016-7985 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
 CVE-2016-7986 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
 CVE-2016-7992 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
 CVE-2016-7993 A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
 CVE-2016-8574 The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
 CVE-2016-8575 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
 CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
 CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
 CVE-2017-5204 The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
 CVE-2017-5205 The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
 CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
 CVE-2017-5342 In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
 CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
 CVE-2017-5483 The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
 CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
 CVE-2017-5485 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
 CVE-2017-5486 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected tcpdump package.

See Also

https://tsn.miraclelinux.com/en/node/8194

Plugin Details

Severity: Critical

ID: 289256

File Name: miracle_linux_AXSA-2017-1761.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5486

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:tcpdump

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/25/2017

Vulnerability Publication Date: 3/9/2015

Reference Information

CVE: CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486