ID de Prueba:	1.3.6.1.4.1.25623.1.0.113543
Categoría:	Buffer overflow
Título:	tcpdump < 4.9.3 Multiple Vulnerabilities
Resumen:	tcpdump is prone to multiple vulnerabilities.
Descripción:	Summary: tcpdump is prone to multiple vulnerabilities. Vulnerability Insight: There are buffer over-read vulnerabilities in the following modules: print-ldp.c:ldp_tlv_print(), print_icmp.c:icmp_print(), print_vrrp.c:vrrp_print(), print_lmp.c:lmp_print_data_link_subobjs(), print_rsvp.c:rsvp_obj_print(), print-rx.c:rx_cache_find(), print-rx.c:rx_cache_insert(), print-bgp.c:bgp_capabilities_print(), print-fr.c:mfr_print(), print-isakkmp.c:ikev1_n_print(), print_babel.c:babel_print_v2(), print-ospf6.c:ospf6_print_lshdr(), print-icmp6.c, print-802_11.c, print-hncp.c:print_prefix(), print-dccp.c:dccp_print_option(), print_bgp.c:bgp_attr_print(), print-smb.c:print_trans() There is a buffer overflow vulnerability in tcpdump.c:get_next_file(). There is a stack consumption vulnerability in print-bgp.c:bgp_attr_print(). There is a stack exhaustion vulnerability in smbutil.c:smb_fdata(). print_lmp.c:lmp_print_data_link_subobjs() lacks bounds checks. Vulnerability Impact: Successful exploitation would allow an attacker to read sensitive information or execute arbitrary code on the target machine. Affected Software/OS: tcpdump through version 4.9.2. Solution: Update to version 4.9.3. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-14461 Bugtraq: 20191021 [SECURITY] [DSA 4547-1] tcpdump security update (Google Search) https://seclists.org/bugtraq/2019/Oct/28 Bugtraq: 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Google Search) https://seclists.org/bugtraq/2019/Dec/23 Debian Security Information: DSA-4547 (Google Search) https://www.debian.org/security/2019/dsa-4547 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:2344 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html SuSE Security Announcement: openSUSE-SU-2019:2348 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html https://usn.ubuntu.com/4252-1/ https://usn.ubuntu.com/4252-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-14462 Common Vulnerability Exposure (CVE) ID: CVE-2018-14463 Common Vulnerability Exposure (CVE) ID: CVE-2018-14464 Common Vulnerability Exposure (CVE) ID: CVE-2018-14465 Common Vulnerability Exposure (CVE) ID: CVE-2018-14466 Common Vulnerability Exposure (CVE) ID: CVE-2018-14467 Common Vulnerability Exposure (CVE) ID: CVE-2018-14468 Common Vulnerability Exposure (CVE) ID: CVE-2018-14469 Common Vulnerability Exposure (CVE) ID: CVE-2018-14470 Common Vulnerability Exposure (CVE) ID: CVE-2018-14879 Common Vulnerability Exposure (CVE) ID: CVE-2018-14880 Common Vulnerability Exposure (CVE) ID: CVE-2018-14881 Common Vulnerability Exposure (CVE) ID: CVE-2018-14882 Common Vulnerability Exposure (CVE) ID: CVE-2018-16227 Common Vulnerability Exposure (CVE) ID: CVE-2018-16228 Common Vulnerability Exposure (CVE) ID: CVE-2018-16229 Common Vulnerability Exposure (CVE) ID: CVE-2018-16230 Common Vulnerability Exposure (CVE) ID: CVE-2018-16300 Common Vulnerability Exposure (CVE) ID: CVE-2018-16451 Common Vulnerability Exposure (CVE) ID: CVE-2018-16452 Common Vulnerability Exposure (CVE) ID: CVE-2019-15166 https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4 https://security.netapp.com/advisory/ntap-20200120-0001/ https://support.apple.com/kb/HT210788
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.