exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2015-2154

Status Candidate

Overview

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.

Related Files

Red Hat Security Advisory 2017-1871-01
Posted Aug 1, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1871-01 - The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump. Security Fix: Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode which could cause it to display incorrect data, crash or enter an infinite loop.

tags | advisory, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
SHA-256 | 543ecbee65f5ca3dd083ab9fb102943ec0f4ab45e0c6b83beeec67475a6e0ba9
Gentoo Linux Security Advisory 201510-04
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-4 - Multiple vulnerabilities have been found in tcpdump, the worst of which can allow remote attackers to cause Denial of Service condition or executive arbitrary code. Versions less than 4.7.4 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 8f44b4c35a4f81dafcda57ddeddbfc53a20fe647f7c2d18c988a66c606c662f2
Ubuntu Security Notice USN-2580-1
Posted Apr 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2580-1 - It was discovered that tcpdump incorrectly handled printing certain packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the tcpdump AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 88f12e032c72a7978de45fa5ee30e9df27a082edd84f1f50f7f2e7542f99e1ff
Mandriva Linux Security Advisory 2015-182
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-182 - Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | b518c5cc2a38d5563e0f4d450daeb9cd17df9da4bc1d189a065f06513f681a47
Mandriva Linux Security Advisory 2015-125
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2014-8767, CVE-2014-8769, CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2
Debian Security Advisory 3193-1
Posted Mar 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3193-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | ab3815ba8d0e2672e234e5f127e052c0084060ae869aa409565552e7b04662a5
tcpdump 4.7.3
Posted Mar 11, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 1f87fb652ce996d41e7a06c601bc6ea29b13fee922945b23770c29490f1d8ace
tcpdump 4.7.2
Posted Mar 10, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | f59a2bb77612a1392973ecf1ee165028abf5c151e04ae3999b98f94fd9d04ae7
tcpdump Denial Of Service / Code Execution
Posted Mar 10, 2015
Authored by Michael Richardson

tcpdump versions prior to 4.7.2 suffer from denial of service and code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 424e9f605486e00763107ba04d05715cae9df6c2c581eb92b22d3a813d361721
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close