#VU53698 Buffer overflow in Tcpreplay - CVE-2017-6429


Vulnerability identifier: #VU53698

Vulnerability risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-6429

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Tcpreplay
Client/Desktop applications / Other client software

Vendor: AppNeta

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing pcap files with an over-size packet in the tcpcapinfo utility in Tcpreplay. A remote attacker can create a specially crafted pcap file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Tcpreplay: 3.4.2 - 4.1.2

External links
https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
https://github.com/appneta/tcpreplay/issues/278
https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Arch Linux update for tcpreplay
Fedora EPEL 5 update for tcpreplay
Fedora 26 update for tcpreplay
Fedora 24 update for tcpreplay
Fedora EPEL 7 update for tcpreplay
Fedora EPEL 6 update for tcpreplay
Fedora 25 update for tcpreplay
Fedora EPEL 7 update for tcpreplay
Fedora EPEL 6 update for tcpreplay
Remote code execution in Tcpreplay