tcpdump: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166

Debian Bug report logs - #941698

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 3 Oct 2019 21:51:02 UTC

Severity: important

Tags: security, upstream

Found in versions tcpdump/4.9.2-1, tcpdump/4.9.2-1~deb9u1, tcpdump/4.9.3~git20190901-2, tcpdump/4.9.2-3



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#941698; Package src:tcpdump. (Thu, 03 Oct 2019 21:51:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Romain Francoise <rfrancoise@debian.org>. (Thu, 03 Oct 2019 21:51:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tcpdump: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166
Date: Thu, 03 Oct 2019 23:49:17 +0200
Source: tcpdump
Version: 4.9.3~git20190901-2
Severity: important
Tags: security upstream
Control: found -1 4.9.2-3
Control: found -1 4.9.2-1~deb9u1
Control: found -1 4.9.2-1

Hi,

The following vulnerabilities were published for tcpdump.

CVE-2018-10103[0]:
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of
| 2).


CVE-2018-10105[1]:
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of
| 2).


CVE-2018-14461[2]:
| The LDP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-ldp.c:ldp_tlv_print().


CVE-2018-14462[3]:
| The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-icmp.c:icmp_print().


CVE-2018-14463[4]:
| The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-vrrp.c:vrrp_print().


CVE-2018-14464[5]:
| The LMP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-lmp.c:lmp_print_data_link_subobjs().


CVE-2018-14465[6]:
| The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-rsvp.c:rsvp_obj_print().


CVE-2018-14466[7]:
| The Rx parser in tcpdump before 4.9.3 has a buffer over-read in
| print-rx.c:rx_cache_find() and rx_cache_insert().


CVE-2018-14467[8]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).


CVE-2018-14468[9]:
| The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-fr.c:mfr_print().


CVE-2018-14469[10]:
| The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-isakmp.c:ikev1_n_print().


CVE-2018-14470[11]:
| The Babel parser in tcpdump before 4.9.3 has a buffer over-read in
| print-babel.c:babel_print_v2().


CVE-2018-14879[12]:
| The command-line argument parser in tcpdump before 4.9.3 has a buffer
| overflow in tcpdump.c:get_next_file().


CVE-2018-14880[13]:
| The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-ospf6.c:ospf6_print_lshdr().


CVE-2018-14881[14]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).


CVE-2018-14882[15]:
| The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in
| print-icmp6.c.


CVE-2018-16227[16]:
| The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read
| in print-802_11.c for the Mesh Flags subfield.


CVE-2018-16228[17]:
| The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-hncp.c:print_prefix().


CVE-2018-16229[18]:
| The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-dccp.c:dccp_print_option().


CVE-2018-16230[19]:
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in
| print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).


CVE-2018-16300[20]:
| The BGP parser in tcpdump before 4.9.3 allows stack consumption in
| print-bgp.c:bgp_attr_print() because of unlimited recursion.


CVE-2018-16451[21]:
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in
| print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.


CVE-2018-16452[22]:
| The SMB parser in tcpdump before 4.9.3 has stack exhaustion in
| smbutil.c:smb_fdata() via recursion.


CVE-2019-15166[23]:
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3
| lacks certain bounds checks.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10103
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
[1] https://security-tracker.debian.org/tracker/CVE-2018-10105
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
[2] https://security-tracker.debian.org/tracker/CVE-2018-14461
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
[3] https://security-tracker.debian.org/tracker/CVE-2018-14462
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
[4] https://security-tracker.debian.org/tracker/CVE-2018-14463
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
[5] https://security-tracker.debian.org/tracker/CVE-2018-14464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
[6] https://security-tracker.debian.org/tracker/CVE-2018-14465
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
[7] https://security-tracker.debian.org/tracker/CVE-2018-14466
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
[8] https://security-tracker.debian.org/tracker/CVE-2018-14467
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
[9] https://security-tracker.debian.org/tracker/CVE-2018-14468
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
[10] https://security-tracker.debian.org/tracker/CVE-2018-14469
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
[11] https://security-tracker.debian.org/tracker/CVE-2018-14470
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
[12] https://security-tracker.debian.org/tracker/CVE-2018-14879
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
[13] https://security-tracker.debian.org/tracker/CVE-2018-14880
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
[14] https://security-tracker.debian.org/tracker/CVE-2018-14881
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
[15] https://security-tracker.debian.org/tracker/CVE-2018-14882
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
[16] https://security-tracker.debian.org/tracker/CVE-2018-16227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
[17] https://security-tracker.debian.org/tracker/CVE-2018-16228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
[18] https://security-tracker.debian.org/tracker/CVE-2018-16229
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
[19] https://security-tracker.debian.org/tracker/CVE-2018-16230
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
[20] https://security-tracker.debian.org/tracker/CVE-2018-16300
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
[21] https://security-tracker.debian.org/tracker/CVE-2018-16451
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
[22] https://security-tracker.debian.org/tracker/CVE-2018-16452
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
[23] https://security-tracker.debian.org/tracker/CVE-2019-15166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions tcpdump/4.9.2-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 03 Oct 2019 21:51:05 GMT)


Marked as found in versions tcpdump/4.9.2-1~deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 03 Oct 2019 21:51:06 GMT)


Marked as found in versions tcpdump/4.9.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Thu, 03 Oct 2019 21:51:07 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Oct 4 16:46:46 2019; Machine Name: beach
