Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
0

CVE-2018-14879

Disclosure Date: October 03, 2019
CVE-2018-14879 CVSS v3 Base Score: 7.0
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.0 High
Impact Score:
5.9
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apple,
  • debian,
  • f5,
  • fedoraproject,
  • opensuse,
  • redhat,
  • tcpdump

Products

  • debian linux 10.0,
  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux 7.0,
  • enterprise linux 8.0,
  • fedora 29,
  • fedora 30,
  • fedora 31,
  • leap 15.0,
  • leap 15.1,
  • mac os x,
  • tcpdump,
  • traffix signaling delivery controller

References

Canonical
CVE-2018-14879 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879)
Advisory
https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update (https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html
20191021 [SECURITY] [DSA 4547-1] tcpdump security update (https://seclists.org/bugtraq/2019/Oct/28)
DSA-4547 (https://www.debian.org/security/2019/dsa-4547)
FEDORA-2019-85d92df70f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU)
FEDORA-2019-d06bc63433 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN)
FEDORA-2019-6db0d5b9d9 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN)
https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS
https://support.apple.com/kb/HT210788
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (https://seclists.org/bugtraq/2019/Dec/23)
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (http://seclists.org/fulldisclosure/2019/Dec/26)
https://security.netapp.com/advisory/ntap-20200120-0001
USN-4252-2 (https://usn.ubuntu.com/4252-2)
USN-4252-1 (https://usn.ubuntu.com/4252-1)
Miscellaneous
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis