SB2017052514 - IBM AIX update for tcpdump
Published: May 25, 2017 Updated: May 30, 2017
Security Bulletin ID
SB2017052514
Severity
Medium
Patch available
YES
Number of vulnerabilities
33
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-7922)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-ah.c:ah_print() in the AH parser. A remote attacker can use a specially crafted AH protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
2) Buffer overflow (CVE-ID: CVE-2016-7923)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-arp.c:arp_print() in the ARP parser. A remote attacker can use a specially crafted ARP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
3) Buffer overflow (CVE-ID: CVE-2016-7924)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-atm.c:oam_print() in the compressed ATM parser. A remote attacker can use a specially crafted ATM protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
4) Buffer overflow (CVE-ID: CVE-2016-7925)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-sl.c:sl_if_print() in the compressed SLIP parser. A remote attacker can use a specially crafted SLIP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
5) Buffer overflow (CVE-ID: CVE-2016-7926)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-ether.c:ethertype_print() in the Ethernet parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
6) Buffer overflow (CVE-ID: CVE-2016-7927)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-802_11.c:ieee802_11_radio_print() in the IEEE 802.11 parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
7) Buffer overflow (CVE-ID: CVE-2016-7928)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-ipcomp.c:ipcomp_print() in the IPComp parser. A remote attacker can use a specially crafted IPComp protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
8) Buffer overflow (CVE-ID: CVE-2016-7930)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-llc.c:llc_print() in the LLC/SNAP parser. A remote attacker can use a specially crafted LLC/SNAP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
9) Buffer overflow (CVE-ID: CVE-2016-7931)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-mpls.c:mpls_print() in the MPLS parser. A remote attacker can use a specially crafted MPLS protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
10) Buffer overflow (CVE-ID: CVE-2016-7932)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-pim.c:pimv2_check_checksum() in the PIM parser. A remote attacker can use a specially crafted PIM protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
11) Buffer overflow (CVE-ID: CVE-2016-7933)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-ppp.c:ppp_hdlc_if_print() in the PPP parser. A remote attacker can use a specially crafted PPP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
12) Buffer overflow (CVE-ID: CVE-2016-7934)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-udp.c:rtcp_print() in the RTCP parser. A remote attacker can use a specially crafted RTCP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
13) Buffer overflow (CVE-ID: CVE-2016-7935)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-udp.c:rtp_print() in the RTP parser. A remote attacker can use a specially crafted RTP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
14) Buffer overflow (CVE-ID: CVE-2016-7936)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-udp.c:udp_print() in the UDP parser. A remote attacker can use a specially crafted UDP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
15) Buffer overflow (CVE-ID: CVE-2016-7937)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-udp.c:vat_print() in the VAT parser. A remote attacker can use a specially crafted VAT protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
16) Buffer overflow (CVE-ID: CVE-2016-7939)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-gre.c in the GRE parser. A remote attacker can use a specially crafted GRE protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
17) Buffer overflow (CVE-ID: CVE-2016-7940)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-stp.c in the STP parser. A remote attacker can use a specially crafted STP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
18) Buffer overflow (CVE-ID: CVE-2016-7973)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target system.The weakness exists due to buffer overflow in the print-atalk.c in the AppleTalk parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
19) Buffer overflow (CVE-ID: CVE-2016-7974)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-ip.c in the IP parser. A remote attacker can use a speciall crafted IP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
20) Buffer overflow (CVE-ID: CVE-2016-7975)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-tcp.c:tcp_print() in the TCP parser. A remote attacker can use a speciall crafted TCP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
21) Buffer overflow (CVE-ID: CVE-2016-7983)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-bootp.c:bootp_print() in the BOOTP parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
22) Buffer overflow (CVE-ID: CVE-2016-7984)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-tftp.c:tftp_print() in the TFTP parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
23) Buffer overflow (CVE-ID: CVE-2016-7992)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the print-cip.c:cip_if_print() in the Classical IP over ATM parser. A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
24) Buffer overflow (CVE-ID: CVE-2016-7993)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in the util-print.c:relts_print() in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). A remote attacker can use a specially crafted protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
25) Buffer overflow (CVE-ID: CVE-2016-8574)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-fr.c:frf15_print() in the FRF.15 parser. A remote attacker can use a specially crafted FRF.15 protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
26) Buffer overflow (CVE-ID: CVE-2016-8575)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-fr.c:q933_print() in the Q.933 parser. A remote attacker can use a specially crafted Q.933 protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
27) Buffer overflow (CVE-ID: CVE-2017-5202)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-isoclns.c:clnp_print() in the ISO CLNS parser. A remote attacker can use a specially crafted ISO CLNS protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
28) Buffer overflow (CVE-ID: CVE-2017-5203)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-bootp.c:bootp_print() in the BOOTP parser. A remote attacker can use a specially crafted BOOTP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
29) Buffer overflow (CVE-ID: CVE-2017-5204)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-ip6.c:ip6_print() in the IPv6 parser. A remote attacker can use a specially crafted IPv6 protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
30) Buffer overflow (CVE-ID: CVE-2017-5482)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-fr.c:q933_print() in the Q.933 parser. A remote attacker can use a specially crafted Q.933 protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
31) Buffer overflow (CVE-ID: CVE-2017-5483)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-snmp.c:asn1_parse() in the SNMP parser. A remote attacker can use a specially crafted SNMP protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
32) Buffer overflow (CVE-ID: CVE-2017-5484)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-atm.c:sig_print() in the ATM parser. A remote attacker can use a specially crafted ATM protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
33) Buffer overflow (CVE-ID: CVE-2017-5486)
The vulnerability allow a remote attacker to cause DoS condition or potentially execute arbitrary code on the target syste.The weakness exists due to buffer overflow in print-isoclns.c:clnp_print() in the ISO CLNS parser. A remote attacker can use a specially crafted ISO CLNS protocol to trigger memory corruption and cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result system compromise.
Remediation
Install update from vendor's website.