#VU7687 Out-of-bounds read in Tcpdump - CVE-2015-2154

Cybersecurity Help s.r.o.

Published: 2017-08-03

Vulnerability identifier: #VU7687

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-2154

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tcpdump
Server applications / DLP, anti-spam, sniffers

Vendor: Tcpdump.org

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in the osi_print_cksum function in print-isoclns.c in the ethernet printer. A remote attacker can send a specially crafted length offset or base pointer checksum value, trigger out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation
Update to version 4.7.2 or later.

Vulnerable software versions

Tcpdump: 4.1.1 - 4.7.0

External links
https://www.securitytracker.com/id/1039027

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for Tcpdump

Gentoo update for tcpdump

Debian update for tcpdump

Amazon Linux AMI update for tcpdump

Ubuntu update for tcpdump