[arch-security] [ASA-201709-5] tcpdump: multiple issues
Arch Linux Security Advisory ASA-201709-5
=========================================

Severity: Critical
Date    : 2017-09-13
CVE-ID  : CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893
          CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897
          CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901
          CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987
          CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991
          CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995
          CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999
          CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003
          CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007
          CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011
          CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015
          CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019
          CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023
          CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027
          CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031
          CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035
          CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039
          CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043
          CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047
          CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051
          CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055
          CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690
          CVE-2017-13725
Package : tcpdump
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-361

Summary
=======

The package tcpdump before version 4.9.2-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 4.9.2-1.

# pacman -Syu "tcpdump>=4.9.2-1"

The problems have been fixed upstream in version 4.9.2.

Workaround
==========

None.

Description
===========

- CVE-2017-11541 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump
<= 4.9.1, in the lldp_print function in print-lldp.c, related to
util-print.c. An attacker could craft a malicious pcap file or send
specially crafted packets to the network that would cause tcpdump to
crash when attempting to print a summary of the packet data.

- CVE-2017-11542 (denial of service)

A heap-based out-of-bounds read vulnerability was discovered in tcpdump
<= 4.9.1, in the pimv1_print function in print-pim.c. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash when attempting to print a
summary of the packet data.

- CVE-2017-11543 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's
handling of LINKTYPE_SLIP in the sliplink_print function in print-sl.c.
An attacker could craft a malicious pcap file or send specially crafted
packets to the network that would cause tcpdump to crash or possibly
execute arbitrary code when attempting to print a summary of the packet
data.

- CVE-2017-12893 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of SMB/CIFS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-12894 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers
when calling lookup_bytestring in tcpdump <= 4.9.1. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash while processing the packet
data.

- CVE-2017-12895 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ICMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12896 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12897 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO CLNS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-12898 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12899 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of DECnet in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12900 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's parsers
when calling tok2strbuf in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12901 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of EIGRP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12902 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Zephyr in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12985 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12986 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-12987 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IEEE 802.11 in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-12988 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of telnet in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12989 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
RESP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12990 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12991 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12992 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of RIPng in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12993 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Juniper in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12994 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12995 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
DNS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12996 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PIMv2 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-12997 (denial of service)

An infinite loop vulnerability was discovered in tcpdump's handling of
LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to enter an infinite loop while processing the packet data
leading to denial of service.

- CVE-2017-12998 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-12999 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13000 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IEEE 802.15.4 in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13001 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13002 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of AODV in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13003 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of LMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13004 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Juniper in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13005 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of NFS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13006 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of L2TP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13007 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Apple PKTAP in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13008 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IEEE 802.11 in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13009 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13010 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BEEP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13011 (arbitrary code execution)

An out-of-bounds write vulnerability was discovered in tcpdump's parsers
when calling bittok2str_internal. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash or possibly execute arbitrary code while
processing the packet data.

- CVE-2017-13012 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ICMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13013 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ARP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13014 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of White Board in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13015 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of EAP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13016 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO ES-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13017 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of DHCPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13018 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13019 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13020 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of VTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13021 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13022 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13023 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13024 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13025 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 mobility in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

- CVE-2017-13026 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13027 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13028 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BOOTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13029 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PPP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13030 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PIM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13031 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 fragmentation header in tcpdump <= 4.9.1. An attacker could
craft a malicious pcap file or send specially crafted packets to the
network that would cause tcpdump to crash while processing the packet
data.

- CVE-2017-13032 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of RADIUS in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13033 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of VTP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13034 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PGM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13035 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13036 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of OSPFv3 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13037 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13038 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of PPP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13039 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISAKMP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13040 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of MPTCP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13041 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ICMPv6 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13042 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of HNCP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13043 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13044 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of HNCP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13045 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of VQP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13046 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13047 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO ES-IP in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13048 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of RSVP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13049 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Rx in tcpdump <= 4.9.1. An attacker could craft a malicious pcap file
or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13050 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of RPKI-Router in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13051 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of RSVP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13052 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of CFM in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13053 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of BGP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13054 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of LLDP in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13055 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of ISO IS-IS in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13687 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of Cisco HDLC in tcpdump <= 4.9.1. An attacker could craft a malicious
pcap file or send specially crafted packets to the network that would
cause tcpdump to crash while processing the packet data.

- CVE-2017-13688 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of OLSR in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13689 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IKEv1 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13690 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IKEv2 in tcpdump <= 4.9.1. An attacker could craft a malicious pcap
file or send specially crafted packets to the network that would cause
tcpdump to crash while processing the packet data.

- CVE-2017-13725 (denial of service)

An out-of-bounds read vulnerability was discovered in tcpdump's handling
of IPv6 routing headers in tcpdump <= 4.9.1. An attacker could craft a
malicious pcap file or send specially crafted packets to the network
that would cause tcpdump to crash while processing the packet data.

Impact
======

A remote attacker is able to crash the application or execute arbitrary
code by tricking the user into opening a specially crafted pcap file or
by sending specially crafted packets to the network.
https://github.com/the-tcpdump-group/tcpdump/commit/a77ff09c46560bc895dea11d... https://github.com/the-tcpdump-group/tcpdump/commit/66e22961b30547e9a8daa1f0... https://github.com/the-tcpdump-group/tcpdump/commit/29e5470e6ab84badbc31f453... https://github.com/the-tcpdump-group/tcpdump/commit/7029d15f148ef24bb7c6668b... https://github.com/the-tcpdump-group/tcpdump/commit/5dc1860d8267b1e0cb78c9ff... https://github.com/the-tcpdump-group/tcpdump/commit/2d669862df7cd17f53912904... https://github.com/the-tcpdump-group/tcpdump/commit/1bc78d795cd5cad552549865... https://github.com/the-tcpdump-group/tcpdump/commit/ae83295915d08a854de27a88... https://github.com/the-tcpdump-group/tcpdump/commit/da6f1a677bfa4476abaeaf9b... https://github.com/the-tcpdump-group/tcpdump/commit/571a6f33f47e7a2394fa08f9... https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6... https://github.com/the-tcpdump-group/tcpdump/commit/2c2cfbd2b771ac888bc5c4a6... https://github.com/the-tcpdump-group/tcpdump/commit/7335163a6ef82d46ff18f3e6... https://github.com/the-tcpdump-group/tcpdump/commit/e0a5a02b0fc1900a69d6c37e... https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d3... https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc... https://github.com/the-tcpdump-group/tcpdump/commit/39582c04cc5e34054b2936b4... https://github.com/the-tcpdump-group/tcpdump/commit/d515b4b4a300479cdf1a6e0d... https://github.com/the-tcpdump-group/tcpdump/commit/c2f6833dddecf2d5fb89c9c8... https://github.com/the-tcpdump-group/tcpdump/commit/3b36ec4e713dea9266db1197... https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd... https://github.com/the-tcpdump-group/tcpdump/commit/331530a4076c69bbd2e3214d... https://github.com/the-tcpdump-group/tcpdump/commit/3c8a2b0e91d8d8947e89384d... https://github.com/the-tcpdump-group/tcpdump/commit/aa0858100096a3490edf9303... https://github.com/the-tcpdump-group/tcpdump/commit/83c64fce3a5226b080e535f5... 
https://github.com/the-tcpdump-group/tcpdump/commit/289c672020280529fd382f35... https://github.com/the-tcpdump-group/tcpdump/commit/5d340a5ca6e420a70297cdbd... https://github.com/the-tcpdump-group/tcpdump/commit/bd4e697ebd6c8457efa8f28f... https://github.com/the-tcpdump-group/tcpdump/commit/e6511cc1a950fe1566b22363... https://github.com/the-tcpdump-group/tcpdump/commit/5d0d76e88ee2d3236d7e0325... https://github.com/the-tcpdump-group/tcpdump/commit/866c60236c41cea1e1654c8a... https://github.com/the-tcpdump-group/tcpdump/commit/a1eefe986065846b6c69dbc0... https://github.com/the-tcpdump-group/tcpdump/commit/0cb1b8a434b599b8d636db02... https://github.com/the-tcpdump-group/tcpdump/commit/061e7371a944588f231cb1b6... https://github.com/the-tcpdump-group/tcpdump/commit/8dca25d26c7ca2caf6138267... https://github.com/the-tcpdump-group/tcpdump/commit/c7c515ee03c285cc51376328... https://github.com/the-tcpdump-group/tcpdump/commit/3c4d7c0ee30a30e5abff3d6d... https://security.archlinux.org/CVE-2017-11541 https://security.archlinux.org/CVE-2017-11542 https://security.archlinux.org/CVE-2017-11543 https://security.archlinux.org/CVE-2017-12893 https://security.archlinux.org/CVE-2017-12894 https://security.archlinux.org/CVE-2017-12895 https://security.archlinux.org/CVE-2017-12896 https://security.archlinux.org/CVE-2017-12897 https://security.archlinux.org/CVE-2017-12898 https://security.archlinux.org/CVE-2017-12899 https://security.archlinux.org/CVE-2017-12900 https://security.archlinux.org/CVE-2017-12901 https://security.archlinux.org/CVE-2017-12902 https://security.archlinux.org/CVE-2017-12985 https://security.archlinux.org/CVE-2017-12986 https://security.archlinux.org/CVE-2017-12987 https://security.archlinux.org/CVE-2017-12988 https://security.archlinux.org/CVE-2017-12989 https://security.archlinux.org/CVE-2017-12990 https://security.archlinux.org/CVE-2017-12991 https://security.archlinux.org/CVE-2017-12992 https://security.archlinux.org/CVE-2017-12993 
https://security.archlinux.org/CVE-2017-12994 https://security.archlinux.org/CVE-2017-12995 https://security.archlinux.org/CVE-2017-12996 https://security.archlinux.org/CVE-2017-12997 https://security.archlinux.org/CVE-2017-12998 https://security.archlinux.org/CVE-2017-12999 https://security.archlinux.org/CVE-2017-13000 https://security.archlinux.org/CVE-2017-13001 https://security.archlinux.org/CVE-2017-13002 https://security.archlinux.org/CVE-2017-13003 https://security.archlinux.org/CVE-2017-13004 https://security.archlinux.org/CVE-2017-13005 https://security.archlinux.org/CVE-2017-13006 https://security.archlinux.org/CVE-2017-13007 https://security.archlinux.org/CVE-2017-13008 https://security.archlinux.org/CVE-2017-13009 https://security.archlinux.org/CVE-2017-13010 https://security.archlinux.org/CVE-2017-13011 https://security.archlinux.org/CVE-2017-13012 https://security.archlinux.org/CVE-2017-13013 https://security.archlinux.org/CVE-2017-13014 https://security.archlinux.org/CVE-2017-13015 https://security.archlinux.org/CVE-2017-13016 https://security.archlinux.org/CVE-2017-13017 https://security.archlinux.org/CVE-2017-13018 https://security.archlinux.org/CVE-2017-13019 https://security.archlinux.org/CVE-2017-13020 https://security.archlinux.org/CVE-2017-13021 https://security.archlinux.org/CVE-2017-13022 https://security.archlinux.org/CVE-2017-13023 https://security.archlinux.org/CVE-2017-13024 https://security.archlinux.org/CVE-2017-13025 https://security.archlinux.org/CVE-2017-13026 https://security.archlinux.org/CVE-2017-13027 https://security.archlinux.org/CVE-2017-13028 https://security.archlinux.org/CVE-2017-13029 https://security.archlinux.org/CVE-2017-13030 https://security.archlinux.org/CVE-2017-13031 https://security.archlinux.org/CVE-2017-13032 https://security.archlinux.org/CVE-2017-13033 https://security.archlinux.org/CVE-2017-13034 https://security.archlinux.org/CVE-2017-13035 https://security.archlinux.org/CVE-2017-13036 
https://security.archlinux.org/CVE-2017-13037 https://security.archlinux.org/CVE-2017-13038 https://security.archlinux.org/CVE-2017-13039 https://security.archlinux.org/CVE-2017-13040 https://security.archlinux.org/CVE-2017-13041 https://security.archlinux.org/CVE-2017-13042 https://security.archlinux.org/CVE-2017-13043 https://security.archlinux.org/CVE-2017-13044 https://security.archlinux.org/CVE-2017-13045 https://security.archlinux.org/CVE-2017-13046 https://security.archlinux.org/CVE-2017-13047 https://security.archlinux.org/CVE-2017-13048 https://security.archlinux.org/CVE-2017-13049 https://security.archlinux.org/CVE-2017-13050 https://security.archlinux.org/CVE-2017-13051 https://security.archlinux.org/CVE-2017-13052 https://security.archlinux.org/CVE-2017-13053 https://security.archlinux.org/CVE-2017-13054 https://security.archlinux.org/CVE-2017-13055 https://security.archlinux.org/CVE-2017-13687 https://security.archlinux.org/CVE-2017-13688 https://security.archlinux.org/CVE-2017-13689 https://security.archlinux.org/CVE-2017-13690 https://security.archlinux.org/CVE-2017-13725
Levente Polyak