Detections
Analytics

SUSE SLES11 Security Update : tcpdump (SUSE-SU-2019:14191-1)

critical Nessus Plugin ID 150563

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14191-1 advisory.

 - The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
 (CVE-2017-12893)

 - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). (CVE-2017-12894)

 - The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
 (CVE-2017-12896)

 - The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
 (CVE-2017-12897)

 - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
 (CVE-2017-12898)

 - The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
 (CVE-2017-12899)

 - Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util- print.c:tok2strbuf(). (CVE-2017-12900)

 - The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
 (CVE-2017-12901)

 - The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
 (CVE-2017-12902)

 - The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
 (CVE-2017-12985)

 - The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
 (CVE-2017-12986, CVE-2017-13725)

 - The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
 (CVE-2017-12987, CVE-2017-13008)

 - The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
 (CVE-2017-12988)

 - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
 (CVE-2017-12991)

 - The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
 (CVE-2017-12992)

 - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. (CVE-2017-12993)

 - The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print- domain.c:ns_print(). (CVE-2017-12995)

 - The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
 (CVE-2017-12996)

 - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print- isoclns.c:isis_print_extd_ip_reach(). (CVE-2017-12998)

 - The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
 (CVE-2017-12999)

 - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
 (CVE-2017-13001)

 - The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
 (CVE-2017-13002)

 - The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). (CVE-2017-13003)

 - The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print- juniper.c:juniper_parse_header(). (CVE-2017-13004)

 - The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
 (CVE-2017-13005)

 - The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
 (CVE-2017-13006)

 - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print- mobility.c:mobility_print(). (CVE-2017-13009)

 - The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
 (CVE-2017-13010)

 - The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
 (CVE-2017-13012)

 - The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
 (CVE-2017-13013)

 - The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. (CVE-2017-13014)

 - The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
 (CVE-2017-13016, CVE-2017-13047)

 - The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
 (CVE-2017-13017)

 - The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). (CVE-2017-13018, CVE-2017-13019, CVE-2017-13034)

 - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
 (CVE-2017-13021)

 - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
 (CVE-2017-13022)

 - The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print- mobility.c:mobility_opt_print(). (CVE-2017-13023, CVE-2017-13024, CVE-2017-13025)

 - The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
 (CVE-2017-13027)

 - The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
 (CVE-2017-13028)

 - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
 (CVE-2017-13029)

 - The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
 (CVE-2017-13030)

 - The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print- frag6.c:frag6_print(). (CVE-2017-13031)

 - The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
 (CVE-2017-13032)

 - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
 (CVE-2017-13035)

 - The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
 (CVE-2017-13036)

 - The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). (CVE-2017-13037)

 - The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
 (CVE-2017-13038)

 - The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
 (CVE-2017-13041)

 - The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
 (CVE-2017-13048, CVE-2017-13051)

 - The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
 (CVE-2017-13049)

 - The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
 (CVE-2017-13053)

 - The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print- isoclns.c:isis_print_is_reach_subtlv(). (CVE-2017-13055)

 - The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
 (CVE-2017-13687)

 - The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
 (CVE-2017-13688)

 - The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
 (CVE-2017-13689)

 - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). (CVE-2018-10103)

 - tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). (CVE-2018-10105)

 - The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
 (CVE-2018-14461)

 - The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
 (CVE-2018-14462)

 - The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
 (CVE-2018-14463)

 - The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print- lmp.c:lmp_print_data_link_subobjs(). (CVE-2018-14464)

 - The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
 (CVE-2018-14465)

 - The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). (CVE-2018-14466)

 - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). (CVE-2018-14467)

 - The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
 (CVE-2018-14468)

 - The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
 (CVE-2018-14469)

 - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). (CVE-2018-14881)

 - The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. (CVE-2018-14882)

 - The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
 (CVE-2018-16229)

 - The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). (CVE-2018-16230)

 - The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. (CVE-2018-16300)

 - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-16301)

 - The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. (CVE-2018-16451)

 - The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
 (CVE-2018-16452)

 - lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
 (CVE-2019-15166)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected tcpdump package.

See Also

https://bugzilla.suse.com/1057247

https://bugzilla.suse.com/1153098

https://bugzilla.suse.com/1153332

http://www.nessus.org/u?e03f0e89

https://www.suse.com/security/cve/CVE-2017-12893

https://www.suse.com/security/cve/CVE-2017-12894

https://www.suse.com/security/cve/CVE-2017-12896

https://www.suse.com/security/cve/CVE-2017-12897

https://www.suse.com/security/cve/CVE-2017-12898

https://www.suse.com/security/cve/CVE-2017-12899

https://www.suse.com/security/cve/CVE-2017-12900

https://www.suse.com/security/cve/CVE-2017-12901

https://www.suse.com/security/cve/CVE-2017-12902

https://www.suse.com/security/cve/CVE-2017-12985

https://www.suse.com/security/cve/CVE-2017-12986

https://www.suse.com/security/cve/CVE-2017-12987

https://www.suse.com/security/cve/CVE-2017-12988

https://www.suse.com/security/cve/CVE-2017-12991

https://www.suse.com/security/cve/CVE-2017-12992

https://www.suse.com/security/cve/CVE-2017-12993

https://www.suse.com/security/cve/CVE-2017-12995

https://www.suse.com/security/cve/CVE-2017-12996

https://www.suse.com/security/cve/CVE-2017-12998

https://www.suse.com/security/cve/CVE-2017-12999

https://www.suse.com/security/cve/CVE-2017-13001

https://www.suse.com/security/cve/CVE-2018-14881

https://www.suse.com/security/cve/CVE-2018-14882

https://www.suse.com/security/cve/CVE-2018-16229

https://www.suse.com/security/cve/CVE-2018-16230

https://www.suse.com/security/cve/CVE-2018-16300

https://www.suse.com/security/cve/CVE-2018-16301

https://www.suse.com/security/cve/CVE-2018-16451

https://www.suse.com/security/cve/CVE-2018-16452

https://www.suse.com/security/cve/CVE-2019-15166

https://www.suse.com/security/cve/CVE-2017-13002

https://www.suse.com/security/cve/CVE-2017-13003

https://www.suse.com/security/cve/CVE-2017-13004

https://www.suse.com/security/cve/CVE-2017-13005

https://www.suse.com/security/cve/CVE-2017-13006

https://www.suse.com/security/cve/CVE-2017-13008

https://www.suse.com/security/cve/CVE-2017-13009

https://www.suse.com/security/cve/CVE-2017-13010

https://www.suse.com/security/cve/CVE-2017-13012

https://www.suse.com/security/cve/CVE-2017-13013

https://www.suse.com/security/cve/CVE-2017-13014

https://www.suse.com/security/cve/CVE-2017-13016

https://www.suse.com/security/cve/CVE-2017-13017

https://www.suse.com/security/cve/CVE-2017-13018

https://www.suse.com/security/cve/CVE-2017-13019

https://www.suse.com/security/cve/CVE-2017-13021

https://www.suse.com/security/cve/CVE-2017-13022

https://www.suse.com/security/cve/CVE-2017-13023

https://www.suse.com/security/cve/CVE-2017-13024

https://www.suse.com/security/cve/CVE-2017-13025

https://www.suse.com/security/cve/CVE-2017-13027

https://www.suse.com/security/cve/CVE-2017-13028

https://www.suse.com/security/cve/CVE-2017-13029

https://www.suse.com/security/cve/CVE-2017-13030

https://www.suse.com/security/cve/CVE-2017-13031

https://www.suse.com/security/cve/CVE-2017-13032

https://www.suse.com/security/cve/CVE-2017-13034

https://www.suse.com/security/cve/CVE-2017-13035

https://www.suse.com/security/cve/CVE-2017-13036

https://www.suse.com/security/cve/CVE-2017-13037

https://www.suse.com/security/cve/CVE-2017-13038

https://www.suse.com/security/cve/CVE-2017-13041

https://www.suse.com/security/cve/CVE-2017-13047

https://www.suse.com/security/cve/CVE-2017-13048

https://www.suse.com/security/cve/CVE-2017-13049

https://www.suse.com/security/cve/CVE-2017-13051

https://www.suse.com/security/cve/CVE-2017-13053

https://www.suse.com/security/cve/CVE-2017-13055

https://www.suse.com/security/cve/CVE-2017-13687

https://www.suse.com/security/cve/CVE-2017-13688

https://www.suse.com/security/cve/CVE-2017-13689

https://www.suse.com/security/cve/CVE-2017-13725

https://www.suse.com/security/cve/CVE-2018-10103

https://www.suse.com/security/cve/CVE-2018-10105

https://www.suse.com/security/cve/CVE-2018-14461

https://www.suse.com/security/cve/CVE-2018-14462

https://www.suse.com/security/cve/CVE-2018-14463

https://www.suse.com/security/cve/CVE-2018-14464

https://www.suse.com/security/cve/CVE-2018-14465

https://www.suse.com/security/cve/CVE-2018-14466

https://www.suse.com/security/cve/CVE-2018-14467

https://www.suse.com/security/cve/CVE-2018-14468

https://www.suse.com/security/cve/CVE-2018-14469

Plugin Details

Severity: Critical

ID: 150563

File Name: suse_SU-2019-14191-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/10/2021

Updated: 12/26/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-10105

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:tcpdump, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/15/2019

Vulnerability Publication Date: 9/11/2017

Reference Information

CVE: CVE-2017-12893, CVE-2017-12894, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12995, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13041, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13051, CVE-2017-13053, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13725, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14881, CVE-2018-14882, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16301, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166

SuSE: SUSE-SU-2019:14191-1