Fedora 29 update for libpcap
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 |
| CWE-ID | CWE-125 CWE-20 CWE-345 CWE-476 CWE-918 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system libpcap Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU21949
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in libpcap when during pcapng reading. A remote attacker can pass specially crafted data to the application that uses the affected library, trigger out-of-bounds read error and read contents of memory on the system or crash the application.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU22308
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15161
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input within the rpcapd/daemon.c in libpcap. A remote attacker can send specially crafted request to the application and gain access to sensitive information.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficient verification of data authenticity
EUVDB-ID: #VU22309
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15162
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to enumerate users on the system.
The vulnerability exists within the rpcapd/daemon.c in libpcap on non-Windows platforms due to the application provides details about failed authenticated attempts. A remote attacker can enumerate users on the system.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU22310
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-15163
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the rpcapd/daemon.c in libpcap if a crypt() call fails. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU22311
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15164
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the rpcapd/daemon.c in libpcap when processing URL as a capture source. A remote attacker can trick the victim to use a specially crafted URL to extract information.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU21950
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-15165
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the sf-pcapng.c in libpcap when processing the PHB header length before allocating memory. A remote attacker can pass specially crafted data to the application that uses the vulnerable library, trigger memory corruption and perform denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
libpcap: before 1.9.1-1.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2019-b92ce3144a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
