Vigil@nce - tcpdump: multiple vulnerabilities
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of tcpdump.
– Impacted products: Fedora, Unix (platform)
– Severity: 2/4
– Creation date: 18/11/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in tcpdump.
An attacker can send a malicious OLSR packet, in order to trigger
a denial of service. [severity:2/4; CVE-2014-8767]
An attacker can send a malicious Geonet packet, in order to
trigger a denial of service. [severity:2/4; CVE-2014-8768]
An attacker can send malicious AOVD packets, in order to force
tcpdump to display invalid data. [severity:1/4; CVE-2014-8769]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/tcpdump-multiple-vulnerabilities-15660