Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
BID:106098
CVE-2018-19519 |Info
Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
| Bugtraq ID: | 106098 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-19519 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 03 2018 12:00AM |
| Updated: | Dec 03 2018 12:00AM |
| Credit: | Sam Fowler |
| Vulnerable: |
tcpdump tcpdump 4.9.2 Redhat Enterprise Linux 7 |
| Not Vulnerable: | |
Discussion
Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
Tcpdump is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining complete control of the affected system.
Tcpdump version 4.9.2 is vulnerable.
Tcpdump is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition; this can result in the attacker gaining complete control of the affected system.
Tcpdump version 4.9.2 is vulnerable.
Exploit / POC
Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
References:
References:
- CVE-2018-19519 tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefi (Redhat)
- Github Reference (Github)
- Tcp Dump Home Page (Tcp Dump Home Page)