what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-9140

Status Candidate

Overview

Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.

Related Files

Mandriva Linux Security Advisory 2015-125
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-125 - The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set. The application decoder for the Ad hoc On-Demand Distance Vector protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults. It was discovered that tcpdump incorrectly handled printing PPP packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code. .

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2014-8767, CVE-2014-8769, CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | cccdf6a08416c7e233f85d97827ddb003d99b7d183693360b958ba81f6accaa2
tcpdump 4.7.3
Posted Mar 11, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 1f87fb652ce996d41e7a06c601bc6ea29b13fee922945b23770c29490f1d8ace
tcpdump 4.7.2
Posted Mar 10, 2015
Site tcpdump.org

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

Changes: Multiple security bugs addressed.
tags | tool, sniffer
systems | unix
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | f59a2bb77612a1392973ecf1ee165028abf5c151e04ae3999b98f94fd9d04ae7
tcpdump Denial Of Service / Code Execution
Posted Mar 10, 2015
Authored by Michael Richardson

tcpdump versions prior to 4.7.2 suffer from denial of service and code execution vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
advisories | CVE-2014-9140, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155
SHA-256 | 424e9f605486e00763107ba04d05715cae9df6c2c581eb92b22d3a813d361721
Gentoo Linux Security Advisory 201502-05
Posted Feb 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-5 - Multiple vulnerabilities in tcpdump could result in execution of arbitrary code or Denial of Service. Versions less than 4.6.2-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8767, CVE-2014-8768, CVE-2014-8769, CVE-2014-9140
SHA-256 | e0a490dd275c1688bb051b684d6d9d603df423956d39194a2ba5460ecdcaa5e1
Debian Security Advisory 3086-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3086-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2014-8767, CVE-2014-8769, CVE-2014-9140
SHA-256 | 4d690b880773980ed5d17e7ca82373ea26fc5b1f0b5c4659b5fb394b07206cb1
Ubuntu Security Notice USN-2433-1
Posted Dec 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2433-1 - Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8767, CVE-2014-8768, CVE-2014-8769, CVE-2014-9140
SHA-256 | 779744583ffb14e8dcad9404a2e695903e983a3de2b23a0e531e69e6fdd18d14
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close