Fedora 31 : tcpreplay (2020-256ac53cc7)

critical Nessus Plugin ID 137788

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This release contains bug fixes only (which includes security fixes) :

- Increase cache buffers size to accomodate VLAN edits (#594)

- Correct L2 header length to correct IP header offset (#583)

- Fix warnings from gcc version 10 (#580)

- Heap Buffer Overflow in randomize_iparp (#579)

- Use after free in get_ipv6_next (#578)

- Heap Buffer Overflow in git_ipv6_next (#576)

- Call pcap_freecode() on pcap_compile() (#572)

- Increase max snaplen to 262144 (#571)

- Fix divide by zero in fuzzing (#570)

- Unique IP repeats at very high iteration counts (#566)

- Fails to compile on FreeBSD amd64 13.0 (#558)

- Heap Buffer Overflow in do_checksum (#556) (#577)

- Attempt to correct corrupt pcap files, if possible (#557)

- Fix GCC v10 warnings (#555)

- Remove some duplicated SOURCES entries (#551)

- Expand /dev/bpfX hard limit to fix macOS Mojave (#550)

- Implement --loopdelay-ms when using --loop=0 (#546)

- Heap overflow packet2tree and get_l2len (#530)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected tcpreplay package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-256ac53cc7

Plugin Details

Severity: Critical

ID: 137788

File Name: fedora_2020-256ac53cc7.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/25/2020

Updated: 3/6/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-8377

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-12740

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:31, p-cpe:/a:fedoraproject:fedora:tcpreplay

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/25/2020

Vulnerability Publication Date: 2/17/2019

Reference Information

CVE: CVE-2019-8377, CVE-2020-12740