tcpdump 緩沖區錯誤漏洞

發布日期:2018-11-26 00:00:00
漏洞信息詳情
CNNVD編號:CNNVD-201811-665
CVE編號: CVE-2018-19519
發布時間: 2018-11-26
更新時間: 2020-02-12
危害等級: 中危
漏洞類型: 緩沖區錯誤
威脅類型: 本地
廠       商:
漏洞簡介

tcpdump是Tcpdump團隊的一套運行在命令行下的嗅探工具。該工具主要用于數據包分析和網絡流量捕獲等。

tcpdump 4.9.2版本中的print-hncp.c文件的‘print_prefix’函數存在緩沖區錯誤漏洞。該漏洞源于網絡系統或產品在內存上執行操作時,未正確驗證數據邊界,導致向關聯的其他內存位置上執行了錯誤的讀寫操作。攻擊者可利用該漏洞導致緩沖區溢出或堆溢出等。

建議

目前廠商暫未發布修復措施解決此安全問題,建議使用此軟件的用戶隨時關注廠商主頁或參考網址以獲取解決辦法:
http://www.tcpdump.org/

參考網址

來源:MISC
鏈接:https://github.com/zyingp/temp/blob/master/tcpdump.md

來源:FEDORA
鏈接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/

來源: BID
鏈接:https://www.securityfocus.com/bid/106098

來源:aix.software.ibm.com
鏈接::http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory4.asc

來源:www.tcpdump.org
鏈接:http://www.tcpdump.org/

來源:access.redhat.com
鏈接:https://access.redhat.com/security/cve/cve-2018-19519

來源:FEDORA
鏈接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/

來源:FEDORA
鏈接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/

來源:usn.ubuntu.com
鏈接:https://usn.ubuntu.com/4252-2/

來源:usn.ubuntu.com
鏈接:https://usn.ubuntu.com/4252-1/

來源:access.redhat.com
鏈接:https://access.redhat.com/errata/RHSA-2019:3976

來源:www.ibm.com
鏈接:http://www.ibm.com/support/docview.wss

來源:www-01.ibm.com
鏈接:https://www-01.ibm.com/support/docview.wss?uid=ibm10873086

來源:packetstormsecurity.com
鏈接:https://packetstormsecurity.com/files/155468/Red-Hat-Security-Advisory-2019-3976-01.html

來源:www.securityfocus.com
鏈接:http://www.securityfocus.com/bid/106098

來源:www.auscert.org.au
鏈接:https://www.auscert.org.au/bulletins/76122

來源:www.auscert.org.au
鏈接:https://www.auscert.org.au/bulletins/ESB-2019.4489/

來源packetstormsecurity.com
鏈接:https://packetstormsecurity.com/files/156097/Ubuntu-Security-Notice-USN-4252-2.html

來源:www.securityfocus.com
鏈接:https://www.securityfocus.com/bid/106098

來源:www.auscert.org.au
鏈接:https://www.auscert.org.au/bulletins/ESB-2020.0289/