| Vulnerability Name: | CVE-2007-1218 (CCN-32749) | ||||||||||||||||||||||||
| Assigned: | 2007-03-01 | ||||||||||||||||||||||||
| Published: | 2007-03-01 | ||||||||||||||||||||||||
| Updated: | 2017-10-11 | ||||||||||||||||||||||||
| Summary: | Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. Note: this was originally referred to as heap-based, but it might be stack-based. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-189 CWE-119 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST Apple OS X Software Update Remote Command Execution Source: MITRE Type: CNA CVE-2007-1218 Source: CCN Type: tcpdump CVS Repository CVS log for tcpdump/print-802_11.c Source: CONFIRM Type: UNKNOWN http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c Source: MISC Type: UNKNOWN http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-802_11.c?r1=1.31.2.11&r2=1.31.2.12 Source: CCN Type: Apple Web site About Security Update 2007-009 Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307179 Source: FEDORA Type: UNKNOWN FEDORA-2007-347 Source: FEDORA Type: UNKNOWN FEDORA-2007-348 Source: APPLE Type: UNKNOWN APPLE-SA-2007-12-17 Source: CCN Type: Full-Disclosure Mailing List, 2007-03-01 12:59:23 tcpdump: off-by-one heap overflow in 802.11 printer Source: CCN Type: RHSA-2007-0368 Moderate: tcpdump security and bug fix update Source: CCN Type: RHSA-2007-0387 Moderate: tcpdump security and bug fix update Source: FULLDISC Type: UNKNOWN 20070301 tcpdump: off-by-one heap overflow in 802.11 printer Source: CCN Type: SA24318 tcpdump 802.11 "parse_elements()" Off-By-One Vulnerability Source: SECUNIA Type: Vendor Advisory 24318 Source: SECUNIA Type: Vendor Advisory 24354 Source: SECUNIA Type: Vendor Advisory 24423 Source: SECUNIA Type: Vendor Advisory 24451 Source: SECUNIA Type: Vendor Advisory 24583 Source: SECUNIA Type: Vendor Advisory 24610 Source: SECUNIA Type: Vendor Advisory 27580 Source: CCN Type: SA28136 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 28136 Source: CCN Type: SECTRACK ID: 1017717 Tcpdump Off-by-One Heap Overflow Lets Remote Users Deny Service Source: CCN Type: ASA-2007-528 tcpdump security and bug fix update (RHSA-2007-0387) Source: DEBIAN Type: UNKNOWN DSA-1272 Source: DEBIAN Type: DSA-1272 tcpdump -- buffer overflow Source: MANDRIVA Type: UNKNOWN MDKSA-2007:056 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:155 Source: OSVDB Type: UNKNOWN 32427 Source: CCN Type: OSVDB ID: 32427 tcpdump 802.11 parse_elements() Function Off-By-One Source: REDHAT Type: UNKNOWN RHSA-2007:0368 Source: REDHAT Type: UNKNOWN RHSA-2007:0387 Source: BID Type: UNKNOWN 22772 Source: CCN Type: BID-22772 tcpdump IEEE802.11 Printer Remote Buffer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1017717 Source: CCN Type: TLSA-2007-46 Tcpdump denial of service attack Source: TURBO Type: UNKNOWN TLSA-2007-46 Source: CCN Type: USN-429-1 tcpdump vulnerability Source: UBUNTU Type: UNKNOWN USN-429-1 Source: CERT Type: US Government Resource TA07-352A Source: VUPEN Type: UNKNOWN ADV-2007-0793 Source: VUPEN Type: UNKNOWN ADV-2007-4238 Source: MISC Type: Vendor Advisory https://bugs.gentoo.org/show_bug.cgi?id=168916 Source: XF Type: UNKNOWN tcpdump-print80211c-bo(32749) Source: XF Type: UNKNOWN tcpdump-print80211c-bo(32749) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1100 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9520 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||