CVE-2014-8768

Published: 20/11/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 up to and including 4.6.2, when in verbose mode, allow remote malicious users to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.

Vulnerable Product

opensuse opensuse 13.1

opensuse opensuse 13.2

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

oracle solaris 11.2

redhat tcpdump 4.6.2

redhat tcpdump 4.6.0

redhat tcpdump 4.6.1

redhat tcpdump 4.5.1

redhat tcpdump 4.5.2

redhat tcpdump 4.5.0

Vendor Advisories

Several security issues were fixed in tcpdump ...
Debian Bug report logs - #770415 tcpdump: CVE-2014-8768: denial of service in verbose mode using malformed Geonet payload. Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon). Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv.com&g ...
Debian Bug report logs - #770424 tcpdump: CVE-2014-8769: unreliable output using malformed AOVD payload. Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon). Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv.com> Date: Fri, 21 ...
Debian Bug report logs - #770434 tcpdump: CVE-2014-8767: tcpdump denial of service in verbose mode using malformed OLSR payload. Package: tcpdump; Maintainer for tcpdump is Romain Francoise <rfrancoise@debian.org>; Source for tcpdump is src:tcpdump (PTS, buildd, popcon). Reported by: Nguyen Cong <congnguyenthe@toshiba-tsdv ...
Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame ...

Exploits

CVE-2014-8768: tcpdump denial of service in verbose mode using malformed Geonet payload. 1. Background: tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. 2. Summary Information: It was found out t ...
tcpdump versions 4.5.0 through 4.6.2 suffer from a denial of service vulnerability when handling a malformed Geonet payload ...