Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Ubuntu 14.10 USN-2433-1 Critical: Tcpdump Denial Of Service

ubuntu
Calendar Grey December 4, 2014
Dist Ubuntu Esm H88
Recent vulnerabilities in TCPDump detailed in the Ubuntu advisory, along with corrective measures and information regarding impacted versions.
Several security issues were fixed in tcpdump.

Summary

Several security issues were fixed in tcpdump.

Software Description:

- tcpdump: command-line network traffic analyzer

Details:

Steffen Bauch discovered that tcpdump incorrectly handled printing OSLR

packets. A remote attacker could use this issue to cause tcpdump to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(CVE-2014-8767)

Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet

packets. A remote attacker could use this issue to cause tcpdump to crash,

resulting in a denial of service, or possibly execute arbitrary code. This

issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-8768)

Steffen Bauch discovered that tcpdump incorrectly handled printing AODV

packets. A remote attacker could use this issue to cause tcpdump to crash,

resulting in a denial of service, reveal sensitive information, or possibly

execute arbitrary code. (CVE-2014-8769)

It was discovered that tcpdump incorrectly hand...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  tcpdump                         4.6.2-1ubuntu1.1

Ubuntu 14.04 LTS:
  tcpdump                         4.5.1-2ubuntu1.1

Ubuntu 12.04 LTS:
  tcpdump                         4.2.1-1ubuntu2.1

Ubuntu 10.04 LTS:
  tcpdump                         4.0.0-6ubuntu3.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2433-1

CVE-2014-8767, CVE-2014-8768, CVE-2014-8769, CVE-2014-9140

Severity
critical
Lowest
Low
Medium
High
Critical

December 04, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.