Bug 927637 (CVE-2015-3138) - VUL-0: CVE-2015-3138: tcpdump: denial of service in print-wb.c
Summary: VUL-0: CVE-2015-3138: tcpdump: denial of service in print-wb.c
Status: RESOLVED FIXED
Alias: CVE-2015-3138
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Network
Version: 201503*
Hardware: Other Other
Importance: P5 - None : Minor
Target Milestone: ---
Assignee: Andreas Stieger
QA Contact: E-mail List
URL: https://smash.suse.de/issue/115973/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-17 15:11 UTC by Andreas Stieger
Modified: 2018-02-21 21:03 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Andreas Stieger 2015-04-17 15:11:15 UTC
Via RH:

Recently an independent researcher discovered a vulnerability in tcpdump, which would be a segmentation fault triggered by feeding a crafted packet into tcpdump, either from a live network interface or from a .pcap file. It has been assigned CVE-2015-3138 and you can find the steps to reproduce it here:

https://github.com/the-tcpdump-group/tcpdump/issues/446

Subsequent analysis made it clear that the vulnerability was introduced into one of the tcpdump functions by accident not long before the 4.7.0 release. It remained in tcpdump releases 4.7.2 and 4.7.3 (4.7.1 was never released). The next release, 4.7.4, will have it fixed, but it is likely to be delayed. Since the vulnerability has been public for a few weeks, you might want to fix it in the meantime in an update to the tcpdump package. The fix is in the following commit:

https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70

openSUSE 13.1: 4.4.0 not affected
openSUSE 13.2: 4.6.2 not affected
network:utilities: 4.7.3 affected
openSUSE:Factory: 4.7.3 affected

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1212342
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3138
Comment 1 Andreas Stieger 2015-04-17 20:20:04 UTC
https://build.opensuse.org/request/show/297857
Comment 2 Swamp Workflow Management 2017-04-26 19:10:19 UTC
SUSE-SU-2017:1110-1: An update that fixes 49 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1020940,1035686,905870,905871,905872,922220,922221,922222,922223,927637
CVE References: CVE-2014-8767,CVE-2014-8768,CVE-2014-8769,CVE-2015-0261,CVE-2015-2153,CVE-2015-2154,CVE-2015-2155,CVE-2015-3138,CVE-2016-7922,CVE-2016-7923,CVE-2016-7924,CVE-2016-7925,CVE-2016-7926,CVE-2016-7927,CVE-2016-7928,CVE-2016-7929,CVE-2016-7930,CVE-2016-7931,CVE-2016-7932,CVE-2016-7933,CVE-2016-7934,CVE-2016-7935,CVE-2016-7936,CVE-2016-7937,CVE-2016-7938,CVE-2016-7939,CVE-2016-7940,CVE-2016-7973,CVE-2016-7974,CVE-2016-7975,CVE-2016-7983,CVE-2016-7984,CVE-2016-7985,CVE-2016-7986,CVE-2016-7992,CVE-2016-7993,CVE-2016-8574,CVE-2016-8575,CVE-2017-5202,CVE-2017-5203,CVE-2017-5204,CVE-2017-5205,CVE-2017-5341,CVE-2017-5342,CVE-2017-5482,CVE-2017-5483,CVE-2017-5484,CVE-2017-5485,CVE-2017-5486
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    libpcap-1.8.1-9.1
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    libpcap-1.8.1-9.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    libpcap-1.8.1-9.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libpcap-1.8.1-9.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    libpcap-1.8.1-9.1, tcpdump-4.9.0-13.1
SUSE Linux Enterprise Server 12-SP2 (src):    libpcap-1.8.1-9.1, tcpdump-4.9.0-13.1
SUSE Linux Enterprise Server 12-SP1 (src):    libpcap-1.8.1-9.1, tcpdump-4.9.0-13.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    libpcap-1.8.1-9.1, tcpdump-4.9.0-13.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libpcap-1.8.1-9.1, tcpdump-4.9.0-13.1
Comment 3 Swamp Workflow Management 2017-05-08 16:13:58 UTC
openSUSE-SU-2017:1199-1: An update that fixes 49 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1020940,1035686,905870,905871,905872,922220,922221,922222,922223,927637
CVE References: CVE-2014-8767,CVE-2014-8768,CVE-2014-8769,CVE-2015-0261,CVE-2015-2153,CVE-2015-2154,CVE-2015-2155,CVE-2015-3138,CVE-2016-7922,CVE-2016-7923,CVE-2016-7924,CVE-2016-7925,CVE-2016-7926,CVE-2016-7927,CVE-2016-7928,CVE-2016-7929,CVE-2016-7930,CVE-2016-7931,CVE-2016-7932,CVE-2016-7933,CVE-2016-7934,CVE-2016-7935,CVE-2016-7936,CVE-2016-7937,CVE-2016-7938,CVE-2016-7939,CVE-2016-7940,CVE-2016-7973,CVE-2016-7974,CVE-2016-7975,CVE-2016-7983,CVE-2016-7984,CVE-2016-7985,CVE-2016-7986,CVE-2016-7992,CVE-2016-7993,CVE-2016-8574,CVE-2016-8575,CVE-2017-5202,CVE-2017-5203,CVE-2017-5204,CVE-2017-5205,CVE-2017-5341,CVE-2017-5342,CVE-2017-5482,CVE-2017-5483,CVE-2017-5484,CVE-2017-5485,CVE-2017-5486
Sources used:
openSUSE Leap 42.2 (src):    libpcap-1.8.1-7.3.1, tcpdump-4.9.0-6.3.1
openSUSE Leap 42.1 (src):    libpcap-1.8.1-8.1, tcpdump-4.9.0-7.1