USN-3415-1: tcpdump vulnerabilities
USN-3415-1: tcpdump vulnerabilities Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in tcpdump. Software description tcpdump – command-line network traffic analyzer Details Wilfried Kirsch discovered a buffer overflow in the SLIP decoderin tcpdump. A remote attacker could use this to cause a denialof service (application crash) or possibly execute arbitrarycode. (CVE-2017-11543) Bhargava Shastry discovered a buffer overflow in the bitfield converterutility function bittok2str_internal() in tcpdump. A remote attackercould use this to cause a denial of service (application crash)or possibly execute arbitrary code. (CVE-2017-13011) Otto Airamo and Antti Levomäki discovered logic errors in differentprotocol parsers in tcpdump that could lead to an infinite loop. Aremote attacker could use these to cause a denial of service(application [ more… ]
