ID CVE-2015-0261
Summary Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
References
Vulnerable Configurations
  • cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:3.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:3.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tcpdump:tcpdump:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:tcpdump:tcpdump:4.7.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2018 - 19:55)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2017:1871
rpms
  • tcpdump-14:4.9.0-5.el7
  • tcpdump-debuginfo-14:4.9.0-5.el7
refmap via4
bid 73019
bugtraq 20150309 tcpdump 4.7.2 remote crashes
confirm
debian DSA-3193
fedora
  • FEDORA-2015-4804
  • FEDORA-2015-4939
gentoo GLSA-201510-04
mandriva
  • MDVSA-2015:125
  • MDVSA-2015:182
misc http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html
sectrack 1031937
suse openSUSE-SU-2015:0616
ubuntu USN-2580-1
Last major update 09-10-2018 - 19:55
Published 24-03-2015 - 17:59
Last modified 09-10-2018 - 19:55
Back to Top