IBM AIX update for tcpdump



Published: 2020-01-08
Risk: Medium
Patch available: YES
Number of vulnerabilities: 26
CVE ID: CVE-2019-15166, CVE-2018-14879, CVE-2018-16230, CVE-2018-16452, CVE-2018-16451, CVE-2018-16228, CVE-2018-16229, CVE-2017-16808, CVE-2018-14882, CVE-2018-16300, CVE-2018-16227, CVE-2018-14465, CVE-2018-14880, CVE-2018-10105, CVE-2018-14461, CVE-2018-14470, CVE-2018-14464, CVE-2018-14463, CVE-2018-10103, CVE-2019-15167, CVE-2018-14881, CVE-2018-14462, CVE-2018-14468, CVE-2018-14469, CVE-2018-14466, CVE-2018-14467
CWE ID: CWE-119, CWE-125, CWE-835, CWE-126
Exploitation vector: Network
Public exploit: N/A

Vulnerable software

IBM VIOS (Server applications / Application servers)

IBM AIX (Operating systems & Components / Operating system)

Vendor: IBM Corporation

Security Advisory

1) Buffer overflow

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15166

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the lmp_print_data_link_subobjs() function in print-lmp.c. A remote attacker can create specially crafted LMP data, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

Risk: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-14879

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the tcpdump.c:get_next_file() function in the command-line argument parser. A remote attacker can create a specially crafted file, trick the victim into opening it with the affected software, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16230

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-16452

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the smbutil.c:smb_fdata() function within the SMB parser. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16451

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-smb.c:print_trans() for MAILSLOTBROWSE and PIPELANMAN within the SMB parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16228

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-hncp.c:print_prefix() within the HNCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16229

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-dccp.c:dccp_print_option() within the DCCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overread

Risk: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2017-16808

CWE-ID: CWE-126 - Buffer Over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a heap-based buffer overread in 'addrtoname.c' when handling malicious input. A remote attacker can supply a specially crafted pcap file, trigger a buffer overread and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14882

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-icmp6.c within the ICMPv6 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-16300

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the print-bgp.c:bgp_attr_print() function in the BGP parser. A remote attacker can pass specially crafted data to the affected application, consume all available system resources and cause denial of service conditions.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16227

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-802_11.c for the Mesh Flags subfield within the IEEE 802.11 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14465

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the print-rsvp.c:rsvp_obj_print() function within the RSVP parser. A remote attacker can generate specially crafted RSVP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14880

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-ospf6.c:ospf6_print_lshdr() within the OSPFv3 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10105

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14461

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-ldp.c:ldp_tlv_print() within the LDP parser. A remote attacker can generate specially crafted LDP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14470

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-babel.c:babel_print_v2() within the Babel parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14464

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the print-lmp.c:lmp_print_data_link_subobjs() function within the LMP parser. A remote attacker can generate specially crafted LMP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14463

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the print-vrrp.c:vrrp_print() function within the VRRP parser. A remote attacker can generate specially crafted VRRP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10103

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15167

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the VRRP parser. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14881

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14462

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the print-icmp.c:icmp_print() function within the ICMP parser. A remote attacker can generate specially crafted ICMP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14468

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-fr.c:mfr_print() within the FRF.16 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

Risk: Low

CVSSv3: 3.1 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14469

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-isakmp.c:ikev1_n_print() within the IKEv1 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14466

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the print-rx.c:rx_cache_find() and rx_cache_insert() functions within the Rx parser. A remote attacker can generate specially crafted RSVP data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14467

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger an out-of-bounds read error and perform a denial of service attack.

Mitigation

Install patches from vendor's website.

Vulnerable software versions

IBM VIOS: 2.2.6, 3.1.0, 3.1.1

IBM AIX: 7.1.5, 7.2.2, 7.2.3, 7.2.4

CPE External links

http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory5.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.