Published: 24/03/2015 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump prior to 4.7.2 allows remote malicious users to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).

Vulnerable Product	Search on Vulmon	Subscribe to Product
tcpdump tcpdump

Synopsis Moderate: tcpdump security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for tcpdump is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Sy ...

tcpdump could be made to crash or run programs if it received specially crafted network traffic ...

Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code For the stable distribution (wheezy), these problems have been fixed in version 430-1+deb7u2 For the upcoming stable distributi ...

The rpki_rtr_pdu_print function in print-rpki-rtrc in the TCP printer in tcpdump before 472 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) ...

# Exploit Title: TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service # Date: 7182015 # Exploit Author: Luke Arntson arntsonl@gmailcom # Vendor Homepage: wwwtcpdumporg/ # Software Link: wwwtcpdumporg/ # Version: 462, 451, 440 # Tested on: Lubuntu 1404 64-bit # CVE : CVE-2015-2153 # Note: tcpdump must be running i ...

tcpdump suffers from a rpki_rtr_pdu_print denial of service vulnerability Versions affected include 462, 451, and 440 ...

An implementation of the CVE-2015-2153 exploit.

CVE-2015-2153 An implementation of the CVE-2015-2153 exploit The exploit-db post can be found at wwwexploit-dbcom/exploits/37663/

CWE-119 http://www.debian.org/security/2015/dsa-3193 https://bugzilla.redhat.com/show_bug.cgi?id=1201795 http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://www.securitytracker.com/id/1031937 http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:182 http://advisories.mageia.org/MGASA-2015-0114.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153999.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html https://security.gentoo.org/glsa/201510-04 http://www.securityfocus.com/bid/73018 http://www.ubuntu.com/usn/USN-2580-1 https://www.exploit-db.com/exploits/37663/https://access.redhat.com/errata/RHSA-2017:1871 http://www.securityfocus.com/archive/1/534829/100/0/threaded https://access.redhat.com/errata/RHSA-2017:1871 https://usn.ubuntu.com/2580-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/37663/https://access.redhat.com/security/cve/cve-2015-2153

CVE-2015-2153

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect