Debian Bug report logs -
#941698
tcpdump: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 3 Oct 2019 21:51:02 UTC
Severity: important
Tags: security, upstream
Found in versions tcpdump/4.9.2-1, tcpdump/4.9.2-1~deb9u1, tcpdump/4.9.3~git20190901-2, tcpdump/4.9.2-3
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Romain Francoise <rfrancoise@debian.org>
:
Bug#941698
; Package src:tcpdump
.
(Thu, 03 Oct 2019 21:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Romain Francoise <rfrancoise@debian.org>
.
(Thu, 03 Oct 2019 21:51:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: tcpdump
Version: 4.9.3~git20190901-2
Severity: important
Tags: security upstream
Control: found -1 4.9.2-3
Control: found -1 4.9.2-1~deb9u1
Control: found -1 4.9.2-1
Hi,
The following vulnerabilities were published for tcpdump.
CVE-2018-10103[0]:
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of
| 2).
CVE-2018-10105[1]:
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of
| 2).
CVE-2018-14461[2]:
| The LDP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-ldp.c:ldp_tlv_print().
CVE-2018-14462[3]:
| The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-icmp.c:icmp_print().
CVE-2018-14463[4]:
| The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-vrrp.c:vrrp_print().
CVE-2018-14464[5]:
| The LMP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-lmp.c:lmp_print_data_link_subobjs().
CVE-2018-14465[6]:
| The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-rsvp.c:rsvp_obj_print().
CVE-2018-14466[7]:
| The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-
| rx.c:rx_cache_find() and rx_cache_insert().
CVE-2018-14467[8]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
CVE-2018-14468[9]:
| The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-fr.c:mfr_print().
CVE-2018-14469[10]:
| The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-isakmp.c:ikev1_n_print().
CVE-2018-14470[11]:
| The Babel parser in tcpdump before 4.9.3 has a buffer over-read in
| print-babel.c:babel_print_v2().
CVE-2018-14879[12]:
| The command-line argument parser in tcpdump before 4.9.3 has a buffer
| overflow in tcpdump.c:get_next_file().
CVE-2018-14880[13]:
| The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-ospf6.c:ospf6_print_lshdr().
CVE-2018-14881[14]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVE-2018-14882[15]:
| The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-icmp6.c.
CVE-2018-16227[16]:
| The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read
| in print-802_11.c for the Mesh Flags subfield.
CVE-2018-16228[17]:
| The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-hncp.c:print_prefix().
CVE-2018-16229[18]:
| The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-dccp.c:dccp_print_option().
CVE-2018-16230[19]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVE-2018-16300[20]:
| The BGP parser in tcpdump before 4.9.3 allows stack consumption in
| print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVE-2018-16451[21]:
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-
| smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVE-2018-16452[22]:
| The SMB parser in tcpdump before 4.9.3 has stack exhaustion in
| smbutil.c:smb_fdata() via recursion.
CVE-2019-15166[23]:
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3
| lacks certain bounds checks.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
[1] https://security-tracker.debian.org/tracker/CVE-2018-10105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
[2] https://security-tracker.debian.org/tracker/CVE-2018-14461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
[3] https://security-tracker.debian.org/tracker/CVE-2018-14462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
[4] https://security-tracker.debian.org/tracker/CVE-2018-14463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
[5] https://security-tracker.debian.org/tracker/CVE-2018-14464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
[6] https://security-tracker.debian.org/tracker/CVE-2018-14465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
[7] https://security-tracker.debian.org/tracker/CVE-2018-14466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
[8] https://security-tracker.debian.org/tracker/CVE-2018-14467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
[9] https://security-tracker.debian.org/tracker/CVE-2018-14468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
[10] https://security-tracker.debian.org/tracker/CVE-2018-14469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
[11] https://security-tracker.debian.org/tracker/CVE-2018-14470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
[12] https://security-tracker.debian.org/tracker/CVE-2018-14879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
[13] https://security-tracker.debian.org/tracker/CVE-2018-14880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
[14] https://security-tracker.debian.org/tracker/CVE-2018-14881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
[15] https://security-tracker.debian.org/tracker/CVE-2018-14882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
[16] https://security-tracker.debian.org/tracker/CVE-2018-16227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
[17] https://security-tracker.debian.org/tracker/CVE-2018-16228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
[18] https://security-tracker.debian.org/tracker/CVE-2018-16229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
[19] https://security-tracker.debian.org/tracker/CVE-2018-16230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
[20] https://security-tracker.debian.org/tracker/CVE-2018-16300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
[21] https://security-tracker.debian.org/tracker/CVE-2018-16451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
[22] https://security-tracker.debian.org/tracker/CVE-2018-16452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
[23] https://security-tracker.debian.org/tracker/CVE-2019-15166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Marked as found in versions tcpdump/4.9.2-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org
.
(Thu, 03 Oct 2019 21:51:05 GMT) (full text, mbox, link).
Marked as found in versions tcpdump/4.9.2-1~deb9u1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org
.
(Thu, 03 Oct 2019 21:51:06 GMT) (full text, mbox, link).
Marked as found in versions tcpdump/4.9.2-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org
.
(Thu, 03 Oct 2019 21:51:07 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Oct 4 16:46:46 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.