Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1072)

Published: 2020-01-23 13:18:58
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary:
The remote host is missing an update for the Huawei EulerOS 'tcpdump' Linux Distribution Package(s) announced via the EulerOS-SA-2020-1072 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234:'ND_PRINT((ndo, '%s', buf)), ', in function named 'print_prefix', in 'print-hncp.c'. The attack vector is: The victim must open a specially crafted pcap file.(CVE-2019-1010220) In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.(CVE-2018-19519) This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-15167) lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.(CVE-2019-15166) The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().(CVE-2018-16228) The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.(CVE-2018-16300) The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.(CVE-2018-16452) The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).(CVE-2018-16230) libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.(CVE-2018-16301) The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().(CVE-2018-16229) The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.(CVE-2018-16227) The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.(CVE-2018-14882) The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.(CVE-2018-16451) The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().(CVE-2018-14880) tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).(CVE-2018-10105) tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).(CVE-2018-10103) The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).(CVE-2018-14467) The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().(CVE-2018-14463) The LMP parser in tcpdump before 4.9.3 has a ... Description truncated. Please see the references for more information.

Affected Versions:
'tcpdump' Linux Distribution Package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-16808
https://nvd.nist.gov/vuln/detail/CVE-2018-10103
https://nvd.nist.gov/vuln/detail/CVE-2018-10105
https://nvd.nist.gov/vuln/detail/CVE-2018-14461
https://nvd.nist.gov/vuln/detail/CVE-2018-14462
https://nvd.nist.gov/vuln/detail/CVE-2018-14463
https://nvd.nist.gov/vuln/detail/CVE-2018-14464
https://nvd.nist.gov/vuln/detail/CVE-2018-14465
https://nvd.nist.gov/vuln/detail/CVE-2018-14466
https://nvd.nist.gov/vuln/detail/CVE-2018-14467
https://nvd.nist.gov/vuln/detail/CVE-2018-14468
https://nvd.nist.gov/vuln/detail/CVE-2018-14469
https://nvd.nist.gov/vuln/detail/CVE-2018-14470
https://nvd.nist.gov/vuln/detail/CVE-2018-14880
https://nvd.nist.gov/vuln/detail/CVE-2018-14881
https://nvd.nist.gov/vuln/detail/CVE-2018-14882
https://nvd.nist.gov/vuln/detail/CVE-2018-16227
https://nvd.nist.gov/vuln/detail/CVE-2018-16228
https://nvd.nist.gov/vuln/detail/CVE-2018-16229
https://nvd.nist.gov/vuln/detail/CVE-2018-16230
https://nvd.nist.gov/vuln/detail/CVE-2018-16300
https://nvd.nist.gov/vuln/detail/CVE-2018-16301
https://nvd.nist.gov/vuln/detail/CVE-2018-16451
https://nvd.nist.gov/vuln/detail/CVE-2018-16452
https://nvd.nist.gov/vuln/detail/CVE-2018-19519
https://nvd.nist.gov/vuln/detail/CVE-2019-1010220
https://nvd.nist.gov/vuln/detail/CVE-2019-15166
https://nvd.nist.gov/vuln/detail/CVE-2019-15167

References:

https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1072

Search
Severity
High
CVSS Score
7.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.