6.8 - CVE-2007-1218

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2007-1218	First vendor Publication	2007-03-02
Vendor	Cve	Last vendor Modification	2017-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9520

Oval ID:	oval:org.mitre.oval:def:9520
Title:	Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
Description:	Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-1218	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section arpwatch is earlier than 14:2.1a13-12.el4 AND libpcap is earlier than 14:0.8.3-12.el4 AND tcpdump is earlier than 14:3.8.2-12.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section arpwatch is earlier than 14:2.1a13-18.el5 AND libpcap-devel is earlier than 14:0.9.4-11.el5 AND libpcap is earlier than 14:0.9.4-11.el5 AND tcpdump is earlier than 14:3.9.4-11.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Tcpdump cpe:2.3:a:tcpdump:tcpdump::::::::	1

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl
2009-04-09	Name : Mandriva Update for tcpdump MDKSA-2007:056 (tcpdump) File : nvt/gb_mandriva_MDKSA_2007_056.nasl
2009-03-23	Name : Ubuntu Update for tcpdump vulnerability USN-429-1 File : nvt/gb_ubuntu_USN_429_1.nasl
2009-02-27	Name : Fedora Update for tcpdump FEDORA-2007-347 File : nvt/gb_fedora_2007_347_tcpdump_fc6.nasl
2009-02-27	Name : Fedora Update for tcpdump FEDORA-2007-348 File : nvt/gb_fedora_2007_348_tcpdump_fc5.nasl
2008-01-17	Name : Debian Security Advisory DSA 1272-1 (tcpdump) File : nvt/deb_1272_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
32427	tcpdump 802.11 parse_elements() Function Off-By-One Tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered due to a off-by-one heap overflow in the 'parse_elements()' function. By sending a malformed 802.11 frame, a remote attacker could cause a denial of service resulting in a loss of availability.

Nessus® Vulnerability Scanner

Date	Description
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0387.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071109_tcpdump_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_tcpdump_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-155.nasl - Type : ACT_GATHER_INFO
2007-12-18	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO
2007-11-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0387.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-429-1.nasl - Type : ACT_GATHER_INFO
2007-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0368.nasl - Type : ACT_GATHER_INFO
2007-03-26	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1272.nasl - Type : ACT_GATHER_INFO
2007-03-18	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-347.nasl - Type : ACT_GATHER_INFO
2007-03-18	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-348.nasl - Type : ACT_GATHER_INFO
2007-03-12	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-056.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BID	http://www.securityfocus.com/bid/22772
CERT	http://www.us-cert.gov/cas/techalerts/TA07-352A.html
CONFIRM	http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c http://docs.info.apple.com/article.html?artnum=307179 https://issues.rpath.com/browse/RPL-1100
DEBIAN	http://www.debian.org/security/2007/dsa-1272
FEDORA	http://fedoranews.org/cms/node/2798 http://fedoranews.org/cms/node/2799
FULLDISC	http://seclists.org/fulldisclosure/2007/Mar/0003.html
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDKSA-2007:056 http://www.mandriva.com/security/advisories?name=MDKSA-2007:155
MISC	http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.31.2.11&... https://bugs.gentoo.org/show_bug.cgi?id=168916
OSVDB	http://www.osvdb.org/32427
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2007-0368.html http://www.redhat.com/support/errata/RHSA-2007-0387.html
SECTRACK	http://www.securitytracker.com/id?1017717
SECUNIA	http://secunia.com/advisories/24318 http://secunia.com/advisories/24354 http://secunia.com/advisories/24423 http://secunia.com/advisories/24451 http://secunia.com/advisories/24583 http://secunia.com/advisories/24610 http://secunia.com/advisories/27580 http://secunia.com/advisories/28136
TURBO	http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
UBUNTU	http://www.ubuntu.com/usn/usn-429-1
VUPEN	http://www.vupen.com/english/advisories/2007/0793 http://www.vupen.com/english/advisories/2007/4238
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/32749

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:03:22	Multiple Updates
2021-04-22 01:06:00	Multiple Updates
2020-05-23 01:37:54	Multiple Updates
2020-05-23 00:19:22	Multiple Updates
2019-10-05 12:01:58	Multiple Updates
2017-10-11 09:23:52	Multiple Updates
2017-07-29 12:02:04	Multiple Updates
2016-06-28 16:15:18	Multiple Updates
2016-04-26 15:49:36	Multiple Updates
2014-02-17 10:39:18	Multiple Updates
2013-05-11 10:20:04	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	1
CPE ID(s)	1
Sources(s)	32
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	12

	Related
10	TA07-352A
6.8	USN-429-1
6.8	RHSA-2007:0387
6.8	RHSA-2007:0368
6.8	DSA-1272
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)