ID CVE-2016-6160
Summary tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
References
Vulnerable Configurations
  • AppNeta Tcpreplay 4.1.1
    cpe:2.3:a:appneta:tcpreplay:4.1.1
CVSS
Base: 5.0 (as of 24-01-2017 - 12:52)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-544.NASL
    description The tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and such frames occur when caputuring packets on interfaces with an MTU of or close to 65536. For example, the loopback interface lo of the Linux kernel has such a value. For Debian 7 'Wheezy', these problems have been fixed in version 3.4.3-2+wheezy2. We recommend that you upgrade your tcpreplay packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 91977
    published 2016-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91977
    title Debian DLA-544-1 : tcpreplay security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-72DAE8EA7E.NASL
    description Security fix for CVE-2016-6160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-30
    plugin id 92387
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92387
    title Fedora 23 : tcpreplay (2016-72dae8ea7e)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1408.NASL
    description This update for tcpreplay to version 4.1.2 fixes the following issues : - CVE-2016-6160: Increase max packet size to 65549 to prevent segmentation faults (boo#987846)
    last seen 2019-02-21
    modified 2017-01-30
    plugin id 95591
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95591
    title openSUSE Security Update : tcpreplay (openSUSE-2016-1408)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-904ED1D231.NASL
    description Security fix for CVE-2016-6160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-01-30
    plugin id 92390
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92390
    title Fedora 24 : tcpreplay (2016-904ed1d231)
refmap via4
confirm
mlist [oss-security] 20160705 CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay)
Last major update 24-01-2017 - 16:16
Published 23-01-2017 - 16:59
Last modified 25-09-2017 - 21:29
Back to Top