PT-2014-8723 · Tcpdump+2 · Tcpdump+2

Steffen Bauch

Publicado

2014-11-20

Atualizado

2024-06-15

CVE-2014-8768

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions tcpdump versions 4.5.0 through 4.6.2

Description The issue is related to multiple integer underflows in the geonet print function when tcpdump is in verbose mode. This allows remote attackers to cause a denial of service, resulting in a segmentation fault and crash, by sending a crafted length value in a Geonet frame.

Recommendations For versions 4.5.0 through 4.6.2, consider disabling the verbose mode as a temporary workaround until a patch is available. Restrict access to the geonet print function to minimize the risk of exploitation. Avoid using the verbose mode in the affected tcpdump versions until the issue is resolved.

Exploit

Correção

DoS

Integer Underflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191

Identificadores relacionados

CVE-2014-8768

OPENSUSE-SU-2024:10396-1

SUSE-SU-2017:1110-1

USN-2433-1

Produtos afetados

Suse

Ubuntu

Tcpdump

PT-2014-8723 · Tcpdump+2 · Tcpdump+2

CVE-2014-8768

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 96