Security Advisory – SOS-15-001 – tcpdump Memory Disclosure Vulnerability

Release Date: 21-Jan-2015

Last Update:

Vendor Notification Date: 05-Jan-2015

Product: tcpdump

Platform: Windows / *nix / Mac OSX

Affected versions: 4.1 – 4.6.2

Severity Rating: Medium

Impact: Memory disclosure; Out-of-bound read access; Denial of Service

Attack Vector: Local

Solution Status: Vendor update

CVE reference: CVE-2015-1037


tcpdump is a common command-line packet analyser. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. When dissecting an ARCNet packet type, tcpdump uses the length announced in the PCAP in the ARCNet header to read and display the packet content mapped in memory, by calling the function hex_and_ascii_print_with_offset(). If the captured length is less than the length announced in the packet (which can be forged), the call to the arcnet_if_print() function will dump memory content, eventually causing tcpdump to generate a segmentation fault crash if the pointer reaches an invalid address.
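The length check that this class of bug calls for, as an added example: it is a simplified model, not tcpdump source and not the proof of concept from the advisory. The function names hex_dump, print_payload_unchecked and print_payload_checked are hypothetical; length stands for the announced packet length and caplen for the number of bytes actually captured.

```c
#include <stddef.h>
#include <stdio.h>

/* Hex-dump n bytes of p into out; returns the number of bytes dumped. */
static size_t hex_dump(const unsigned char *p, size_t n, char *out, size_t outsz)
{
    size_t i, used = 0;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    /* Each byte needs 3 characters plus the terminating NUL. */
    for (i = 0; i < n && used + 3 < outsz; i++)
        used += (size_t)snprintf(out + used, outsz - used, "%02x ", p[i]);
    return i;
}

/* Unsafe pattern, shown for contrast and never called here: the announced
 * length is trusted, so the dump runs past the captured bytes whenever
 * caplen < length. */
size_t print_payload_unchecked(const unsigned char *p, size_t length,
                               size_t caplen, char *out, size_t outsz)
{
    (void)caplen; /* captured size ignored: this is the defect */
    return hex_dump(p, length, out, outsz);
}

/* Hardened pattern: read at most what was captured and flag truncation. */
size_t print_payload_checked(const unsigned char *p, size_t length,
                             size_t caplen, char *out, size_t outsz,
                             int *truncated)
{
    size_t n = length < caplen ? length : caplen;
    *truncated = caplen < length;
    return hex_dump(p, n, out, outsz);
}

int main(void)
{
    /* Constructed sample: 4 captured bytes, announced length of 64. */
    const unsigned char pkt[4] = {0xde, 0xad, 0xbe, 0xef};
    char out[256];
    int trunc;
    size_t n = print_payload_checked(pkt, 64, sizeof pkt, out, sizeof out, &trunc);
    printf("%zu bytes: %s%s\n", n, out, trunc ? "[truncated]" : "");
    return 0;
}
```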

Please refer to the PDF version of this advisory for proof of concept code examples.


Update to tcpdump version 4.6.3.

Discovered By

Christophe Alladoum from Sense of Security Labs.
