Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0503)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0503

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0503)

Resumen: The remote host is missing an update for the 'tcpdump' package(s) announced via the MGASA-2014-0503 advisory.

Descripción: Summary:
The remote host is missing an update for the 'tcpdump' package(s) announced via the MGASA-2014-0503 advisory.

Vulnerability Insight:
The Tcpdump program could crash when processing a malformed OLSR payload
when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV)
protocol in Tcpdump fails to perform input validation and performs unsafe
out-of-bound accesses. The application will usually not crash, but perform
out-of-bounds accesses and output/leak larger amounts of invalid data, which
might lead to dropped packets. It is unknown if a payload exists that might
trigger segfaults (CVE-2014-8769).

Affected Software/OS:
'tcpdump' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8767
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 71150
http://www.securityfocus.com/bid/71150
Bugtraq: 20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload (Google Search)
http://www.securityfocus.com/archive/1/534011/100/0/threaded
Debian Security Information: DSA-3086 (Google Search)
http://www.debian.org/security/2014/dsa-3086
http://seclists.org/fulldisclosure/2014/Nov/47
http://www.mandriva.com/security/advisories?name=MDVSA-2014:240
http://www.mandriva.com/security/advisories?name=MDVSA-2015:125
http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html
SuSE Security Announcement: openSUSE-SU-2015:0284 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html
http://www.ubuntu.com/usn/USN-2433-1
XForce ISS Database: tcpdump-cve20148767-dos(98765)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98765
Common Vulnerability Exposure (CVE) ID: CVE-2014-8769
BugTraq ID: 71153
http://www.securityfocus.com/bid/71153
Bugtraq: 20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload (Google Search)
http://www.securityfocus.com/archive/1/534009/100/0/threaded
http://seclists.org/fulldisclosure/2014/Nov/49
http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html
XForce ISS Database: tcpdump-cve20148769-dos(98764)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98764

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0503
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0503)
Resumen:	The remote host is missing an update for the 'tcpdump' package(s) announced via the MGASA-2014-0503 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tcpdump' package(s) announced via the MGASA-2014-0503 advisory. Vulnerability Insight: The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767). The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769). Affected Software/OS: 'tcpdump' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8767 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html BugTraq ID: 71150 http://www.securityfocus.com/bid/71150 Bugtraq: 20141118 CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload (Google Search) http://www.securityfocus.com/archive/1/534011/100/0/threaded Debian Security Information: DSA-3086 (Google Search) http://www.debian.org/security/2014/dsa-3086 http://seclists.org/fulldisclosure/2014/Nov/47 http://www.mandriva.com/security/advisories?name=MDVSA-2014:240 http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 http://packetstormsecurity.com/files/129155/tcpdump-4.6.2-OSLR-Denial-Of-Service.html SuSE Security Announcement: openSUSE-SU-2015:0284 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00062.html http://www.ubuntu.com/usn/USN-2433-1 XForce ISS Database: tcpdump-cve20148767-dos(98765) https://exchange.xforce.ibmcloud.com/vulnerabilities/98765 Common Vulnerability Exposure (CVE) ID: CVE-2014-8769 BugTraq ID: 71153 http://www.securityfocus.com/bid/71153 Bugtraq: 20141118 CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload (Google Search) http://www.securityfocus.com/archive/1/534009/100/0/threaded http://seclists.org/fulldisclosure/2014/Nov/49 http://packetstormsecurity.com/files/129157/tcpdump-4.6.2-AOVD-Unreliable-Output.html XForce ISS Database: tcpdump-cve20148769-dos(98764) https://exchange.xforce.ibmcloud.com/vulnerabilities/98764
Copyright	Copyright (C) 2022 Greenbone AG