ESB-2017.2331 - [Ubuntu] tcpdump: Multiple vulnerabilities 2017-09-14

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2331
                          tcpdump vulnerabilities
                             14 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tcpdump
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-13725 CVE-2017-13690 CVE-2017-13689
                   CVE-2017-13688 CVE-2017-13687 CVE-2017-13055
                   CVE-2017-13054 CVE-2017-13053 CVE-2017-13052
                   CVE-2017-13051 CVE-2017-13050 CVE-2017-13049
                   CVE-2017-13048 CVE-2017-13047 CVE-2017-13046
                   CVE-2017-13045 CVE-2017-13044 CVE-2017-13043
                   CVE-2017-13042 CVE-2017-13041 CVE-2017-13040
                   CVE-2017-13039 CVE-2017-13038 CVE-2017-13037
                   CVE-2017-13036 CVE-2017-13035 CVE-2017-13034
                   CVE-2017-13033 CVE-2017-13032 CVE-2017-13031
                   CVE-2017-13030 CVE-2017-13029 CVE-2017-13028
                   CVE-2017-13027 CVE-2017-13026 CVE-2017-13025
                   CVE-2017-13024 CVE-2017-13023 CVE-2017-13022
                   CVE-2017-13021 CVE-2017-13020 CVE-2017-13019
                   CVE-2017-13018 CVE-2017-13017 CVE-2017-13016
                   CVE-2017-13015 CVE-2017-13014 CVE-2017-13013
                   CVE-2017-13012 CVE-2017-13011 CVE-2017-13010
                   CVE-2017-13009 CVE-2017-13008 CVE-2017-13007
                   CVE-2017-13006 CVE-2017-13005 CVE-2017-13004
                   CVE-2017-13003 CVE-2017-13002 CVE-2017-13001
                   CVE-2017-13000 CVE-2017-12999 CVE-2017-12998
                   CVE-2017-12997 CVE-2017-12996 CVE-2017-12995
                   CVE-2017-12994 CVE-2017-12993 CVE-2017-12992
                   CVE-2017-12991 CVE-2017-12990 CVE-2017-12989
                   CVE-2017-12988 CVE-2017-12987 CVE-2017-12986
                   CVE-2017-12985 CVE-2017-12902 CVE-2017-12901
                   CVE-2017-12900 CVE-2017-12899 CVE-2017-12898
                   CVE-2017-12897 CVE-2017-12896 CVE-2017-12895
                   CVE-2017-12894 CVE-2017-12893 CVE-2017-11543
                   CVE-2017-11542 CVE-2017-11541 CVE-2017-11108

Reference:         ESB-2017.2316

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3415-1
   http://www.ubuntu.com/usn/usn-3415-2

Comment: This bulletin contains two (2) Ubuntu security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Ubuntu Security Notice USN-3415-1
September 14, 2017

tcpdump vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in tcpdump.

Software Description:
- tcpdump: command-line network traffic analyzer

Details:

Wilfried Kirsch discovered a buffer overflow in the SLIP decoder
in tcpdump. A remote attacker could use this to cause a denial
of service (application crash) or possibly execute arbitrary
code. (CVE-2017-11543)

Bhargava Shastry discovered a buffer overflow in the bitfield converter
utility function bittok2str_internal() in tcpdump. A remote attacker
could use this to cause a denial of service (application crash)
or possibly execute arbitrary code. (CVE-2017-13011)

Otto Airamo and Antti Levomäki discovered logic errors in different
protocol parsers in tcpdump that could lead to an infinite loop. A
remote attacker could use these to cause a denial of service
(application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,
CVE-2017-12997)

Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,
Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava
Shastry discovered out-of-bounds reads in multiple protocol parsers
in tcpdump.  A remote attacker could use these to cause a denial
of service (application crash). (CVE-2017-11108, CVE-2017-11541,
CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,
CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,
CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,
CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,
CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,
CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,
CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,
CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,
CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
CVE-2017-13690, CVE-2017-13725)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  tcpdump                         4.9.2-0ubuntu0.17.04.2

Ubuntu 16.04 LTS:
  tcpdump                         4.9.2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  tcpdump                         4.9.2-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3415-1
  CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543,
  CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896,
  CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900,
  CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986,
  CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990,
  CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994,
  CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998,
  CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002,
  CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006,
  CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010,
  CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
  CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
  CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
  CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
  CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
  CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
  CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
  CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
  CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
  CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
  CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
  CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
  CVE-2017-13690, CVE-2017-13725

Package Information:
  https://launchpad.net/ubuntu/+source/tcpdump/4.9.2-0ubuntu0.17.04.2
  https://launchpad.net/ubuntu/+source/tcpdump/4.9.2-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/tcpdump/4.9.2-0ubuntu0.14.04.1

========================================================================

Ubuntu Security Notice USN-3415-2
September 14, 2017

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in tcpdump.

Software Description:
- tcpdump: command-line network traffic analyzer

Details:

USN-3415-1 fixed vulnerabilities in tcpdump for Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, and Ubuntu 17.04. This update provides the
corresponding tcpdump update for Ubuntu 12.04 ESM.

Original advisory details:

 Wilfried Kirsch discovered a buffer overflow in the SLIP decoder
 in tcpdump. A remote attacker could use this to cause a denial
 of service (application crash) or possibly execute arbitrary
 code. (CVE-2017-11543)

 Bhargava Shastry discovered a buffer overflow in the bitfield converter
 utility function bittok2str_internal() in tcpdump. A remote attacker
 could use this to cause a denial of service (application crash)
 or possibly execute arbitrary code. (CVE-2017-13011)

 Otto Airamo and Antti Levomäki discovered logic errors in different
 protocol parsers in tcpdump that could lead to an infinite loop. A
 remote attacker could use these to cause a denial of service
 (application hang). (CVE-2017-12989, CVE-2017-12990, CVE-2017-12995,
 CVE-2017-12997)

 Otto Airamo, Brian Carpenter, Yannick Formaggio, Kamil Frankowicz,
 Katie Holly, Kim Gwan Yeong, Antti Levomäki, Henri Salo, and Bhargava
 Shastry discovered out-of-bounds reads in multiple protocol parsers
 in tcpdump.  A remote attacker could use these to cause a denial
 of service (application crash). (CVE-2017-11108, CVE-2017-11541,
 CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895,
 CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899,
 CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985,
 CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991,
 CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12996,
 CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001,
 CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005,
 CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009,
 CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
 CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
 CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
 CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
 CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
 CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
 CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
 CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
 CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
 CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
 CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
 CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
 CVE-2017-13690, CVE-2017-13725)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  tcpdump                         4.9.2-0ubuntu0.12.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3415-2
  https://www.ubuntu.com/usn/usn-3415-1
  CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543,
  CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896,
  CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900,
  CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986,
  CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990,
  CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994,
  CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998,
  CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002,
  CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006,
  CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010,
  CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014,
  CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018,
  CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022,
  CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026,
  CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030,
  CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034,
  CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038,
  CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042,
  CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046,
  CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050,
  CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054,
  CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689,
  CVE-2017-13690, CVE-2017-13725

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
