#VU22311 Server-Side Request Forgery (SSRF) in libpcap - CVE-2019-15164

Cybersecurity Help s.r.o.

Published: 2019-10-27

Vulnerability identifier: #VU22311

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-15164

CWE-ID: CWE-918

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libpcap
Universal components / Libraries / Libraries used by multiple products

Vendor: Tcpdump.org

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the rpcapd/daemon.c in libpcap when processing URL as a capture source. A remote attacker can trick the victim to use a specially crafted URL to extract information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libpcap: 1.9.0

External links
https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES
https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
https://www.tcpdump.org/public-cve-list.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Oracle Solaris update for third party packages

Server-Side Request Forgery (SSRF) in libpcap (Alpine package)

Multiple vulnerabilities in libpcap