SB2018122817 - Fedora 28 update for tcpreplay

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018122817

SB2018122817 - Fedora 28 update for tcpreplay

Published: December 28, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018122817
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2018-18408)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.


2) Out-of-bounds read (CVE-ID: CVE-2018-18407)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.


3) Out-of-bounds read (CVE-ID: CVE-2018-17974)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.


4) Out-of-bounds read (CVE-ID: CVE-2018-17580)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the function fast_edit_packet() in the file send_packets.c of Tcpreplay. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.


5) Out-of-bounds read (CVE-ID: CVE-2018-17582)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

Tcpreplay contains a heap-based buffer over-read. The get_next_packet() function in the send_packets.c file uses the memcpy() function unsafely to copy sequences from the source buffer pktdata to the destination (*prev_packet)->pktdata. This will result in a Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a file.


6) Out-of-bounds read (CVE-ID: CVE-2018-13112)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in get_l2len in common/get.c in Tcpreplay. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.


Remediation

Install update from vendor's website.

References