Tcpdump 4.8.1 parsers Overflow Vulnerability

Summary

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().

Credit:

The original article can be found at: http://www.securityfocus.com/bid/95852


Details

Vulnerable Systems:
 * Tcpdump 4.8.1

Tcpdump is prone to a overflow vulnerability.This allows a remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption)

CVE Information:
CVE-2017-5342

Disclosure Timeline:
Publish Date : 2017-01-27
Last Update Date : 2017-02-01

Categories: News