tcpdump 缓冲区错误漏洞
+ 查看更多
tcpdump是Tcpdump团队的一套运行在命令行下的嗅探工具。该工具主要用于数据包分析和网络流量捕获等。
tcpdump 4.9.2版本中的print-hncp.c文件的‘print_prefix’函数存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:
http://www.tcpdump.org/
来源:MISC
链接:https://github.com/zyingp/temp/blob/master/tcpdump.md
来源: BID
链接:https://www.securityfocus.com/bid/106098
来源:aix.software.ibm.com
链接::http://aix.software.ibm.com/aix/efixes/security/tcpdump_advisory4.asc
来源:www.tcpdump.org
链接:http://www.tcpdump.org/
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2018-19519
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/4252-2/
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/4252-1/
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:3976
来源:www.ibm.com
链接:http://www.ibm.com/support/docview.wss
来源:www-01.ibm.com
链接:https://www-01.ibm.com/support/docview.wss?uid=ibm10873086
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155468/Red-Hat-Security-Advisory-2019-3976-01.html
来源:www.securityfocus.com
链接:http://www.securityfocus.com/bid/106098
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76122
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4489/
来源packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156097/Ubuntu-Security-Notice-USN-4252-2.html
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/106098
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0289/