#VU8339 Buffer over-read in Tcpdump - CVE-2017-12894


Vulnerability identifier: #VU8339

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12894

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tcpdump
Server applications / DLP, anti-spam, sniffers

Vendor: Tcpdump.org

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to buffer over-read in the lookup_bytestring component. A remote attacker can send a specially crafted request and retrieve arbitrary files on the system.

Mitigation
Update to version 4.9.2.

Vulnerable software versions

Tcpdump: 4.9.0

External links
https://www.tcpdump.org/tcpdump-changes.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat update for java-1.8.0-ibm
Multiple vulnerabilities in IBM AIX
Gentoo update for Tcpdump
Debian update for tcpdump
Arch Linux update for tcpdump
Multiple vulnerabilities in Tcpdump
Ubuntu update for tcpdump
Ubuntu update for tcpdump
Slackware Linux update for tcpdump
Red Hat update for java-1.6.0-ibm