===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.1787
Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience PCA (2018.06.18)
19 June 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM Tealeaf Customer Experience PCA
Publisher:         IBM
Operating System:  Linux variants
                   Windows
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-16808 CVE-2017-13725 CVE-2017-13690
                   CVE-2017-13689 CVE-2017-13688 CVE-2017-13687
                   CVE-2017-13055 CVE-2017-13054 CVE-2017-13053
                   CVE-2017-13052 CVE-2017-13051 CVE-2017-13050
                   CVE-2017-13049 CVE-2017-13048 CVE-2017-13047
                   CVE-2017-13046 CVE-2017-13045 CVE-2017-13044
                   CVE-2017-13043 CVE-2017-13042 CVE-2017-13041
                   CVE-2017-13040 CVE-2017-13039 CVE-2017-13038
                   CVE-2017-13037 CVE-2017-13036 CVE-2017-13035
                   CVE-2017-13034 CVE-2017-13033 CVE-2017-13032
                   CVE-2017-13031 CVE-2017-13030 CVE-2017-13029
                   CVE-2017-13028 CVE-2017-13027 CVE-2017-13026
                   CVE-2017-13025 CVE-2017-13024 CVE-2017-13023
                   CVE-2017-13022 CVE-2017-13021 CVE-2017-13020
                   CVE-2017-13019 CVE-2017-13018 CVE-2017-13017
                   CVE-2017-13016 CVE-2017-13015 CVE-2017-13014
                   CVE-2017-13013 CVE-2017-13012 CVE-2017-13011
                   CVE-2017-13010 CVE-2017-13009 CVE-2017-13008
                   CVE-2017-13007 CVE-2017-13006 CVE-2017-13005
                   CVE-2017-13004 CVE-2017-13003 CVE-2017-13002
                   CVE-2017-13001 CVE-2017-13000 CVE-2017-12999
                   CVE-2017-12998 CVE-2017-12997 CVE-2017-12996
                   CVE-2017-12995 CVE-2017-12994 CVE-2017-12993
                   CVE-2017-12992 CVE-2017-12991 CVE-2017-12990
                   CVE-2017-12989 CVE-2017-12988 CVE-2017-12987
                   CVE-2017-12986
                   CVE-2017-12985 CVE-2017-12933
                   CVE-2017-12932 CVE-2017-12902 CVE-2017-12901
                   CVE-2017-12900 CVE-2017-12899 CVE-2017-12898
                   CVE-2017-12897 CVE-2017-12896 CVE-2017-12895
                   CVE-2017-12894 CVE-2017-12893 CVE-2017-12171
                   CVE-2017-11142 CVE-2017-9951 CVE-2017-9798
                   CVE-2017-7679 CVE-2017-7668 CVE-2017-3735
                   CVE-2017-3169 CVE-2015-3138
Reference:         ASB-2018.0095
                   ASB-2018.0019
                   ASB-2017.0219
                   ASB-2017.0209
                   ESB-2018.1703
                   ESB-2018.1247
                   ESB-2018.1196

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg22016641

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience PCA

Document information

More support for: Tealeaf Customer Experience
Software version: 8.7, 8.8, 9.0.1, 9.0.2
Operating system(s): Platform Independent
Reference #: 2016641
Modified date: 18 June 2018

Summary

Multiple vulnerabilities in Apache HTTPD can cause denial of service and allow a remote attacker to bypass security restrictions and obtain sensitive information in IBM Tealeaf Customer Experience PCA.

A vulnerability in the Memcached library used by the IBM Tealeaf Customer Experience PCA could permit a denial of service attack.

Multiple vulnerabilities in the PHP library used by the IBM Tealeaf Customer Experience PCA could permit a denial of service attack, allowing a remote attacker to bypass security restrictions and obtain sensitive information and thus providing weaker than expected security.

Apache HTTP Server vulnerability could allow a remote attacker to obtain sensitive information and gain access to restricted HTTP resource. Apache HTTP Server is used by IBM Tealeaf Customer Experience PCA and the applicable CVEs have been addressed.

Multiple vulnerabilities in the tcpdump library used by the IBM Tealeaf Customer Experience PCA could allow a denial of service attack and allow a remote attacker to obtain sensitive information.

A vulnerability in the OpenSSL library used by the IBM Tealeaf Customer Experience PCA could permit a remote attacker to obtain sensitive information.

Vulnerability Details

CVEID: CVE-2017-7679
DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response header, a remote attacker could exploit this vulnerability to read one byte past the end of a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127420 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-7668
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a buffer overread in the ap_find_token() function. By sending a specially crafted sequence of request headers, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-3169
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by a NULL pointer dereference in mod_ssl. By sending a specially crafted HTTP request to an HTTPS port, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127417 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-9951
DESCRIPTION: Memcached is vulnerable to a denial of service, caused by a heap-based buffer over-read in the try_read_command function.
By sending a request to add/set a key, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128607 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-11142
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a flaw in the main/php_variables.c. By injecting long form variables, a remote attacker could exploit this vulnerability to cause a CPU consumption.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12933
DESCRIPTION: PHP could provide weaker than expected security, caused by a buffer over-read in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker could exploit this vulnerability to have an unspecified impact on the integrity of PHP.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130648 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-12932
DESCRIPTION: PHP could provide weaker than expected security, caused by a flaw in the ext/standard/var_unserializer.re. A remote attacker could exploit this vulnerability to have an unspecified impact on the integrity of PHP.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130649 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-9798
DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed.
By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-12171
DESCRIPTION: A regression error in Apache HTTPD on Red Hat Enterprise Linux could allow a remote attacker to bypass security restrictions, caused by the improper parsing of comments in the "Allow" and "Deny" configuration lines. An attacker could exploit this vulnerability to bypass security restrictions and allow any client to gain access to restricted HTTP resource.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133645 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2017-13725
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132014 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13690
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13689
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IKEv1 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132012 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13688
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the OLSR component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132011 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13687
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Cisco HDLC component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132010 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13055
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131898 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13054
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131988 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12985
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131875 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12902
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Zephyr component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131874 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12901
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EIGRP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131873 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12900
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the tok2strbuf component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131872 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12899
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DECnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131871 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12898
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the NFS component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131868 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12897
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO CLNS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12896
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISAKMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12895
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131865 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12993
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131892 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12992
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RIPng component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131891 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12991
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131886 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12990
DESCRIPTION: tcpdump is vulnerable to a denial of service, caused by an error in the ISAKMP component.
By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131807 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12989
DESCRIPTION: tcpdump is vulnerable to a denial of service, caused by an error in the RESP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131794 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12988
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the telnet component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12987
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IEEE 802.11 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131883 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12986
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 routing headers component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131876 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12893
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the SMB/CIFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131810 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12894
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the lookup_bytestring component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131864 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-3138
DESCRIPTION: tcpdump is vulnerable to a denial of service, caused by a flaw in the print-wb.c. An attacker could exploit this vulnerability to cause segmentation fault and process crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132784 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-13033
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131983 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13030
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PIM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13029
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13028
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the BOOTP component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13027
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the LLDP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13026
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131897 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13032
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the RADIUS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131997 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13031
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 fragmentation header component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13025
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13024
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13023
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IPv6 mobility component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131880 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13022
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the IP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131986 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13021
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131984 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13020
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the VTP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13019
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131913 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13018
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131912 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13017
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the DHCPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13016
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ISO ES-IS component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131909 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13015
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the EAP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131908 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13014
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the White Board component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131907 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13012
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer overread memory in the ICMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131878 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13011
DESCRIPTION: tcpdump is vulnerable to a buffer overflow, caused by improper bounds checking by the bittok2str_internal component. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131781 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-13010
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the BEEP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131905 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13009
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the IPv6 mobility component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131879 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13008
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the IEEE 802.11 component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13007
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the Apple PKTAP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131904 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13006
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the L2TP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131903 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13005
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the NFS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131869 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13004
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the Juniper component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131893 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13003
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the LMP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131902 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13002
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the AODV component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131901 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13001
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the NFS component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131870 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13000
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the IEEE 802.15.4 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131900 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12999
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131896 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13013
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ARP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131906 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12998
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131895 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12997
DESCRIPTION: tcpdump is vulnerable to a denial of service, caused by an error in the LLDP component. By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131809 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12996
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the PIMv2 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131894 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12995
DESCRIPTION: tcpdump is vulnerable to a denial of service, caused by an error in the DNS component.
By sending specially crafted data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131808 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-12994
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131887 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13051
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132006 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13050
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RPKI-Router component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132008 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13049
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the Rx component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132007 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13048
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RSVP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13047
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ISO ES-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131910 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13046
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the BGP component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13045
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the VQP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132004 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13044
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132003 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13043
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13042
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the HNCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132002 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13041
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ICMPv6 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131985 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13040
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the MPTCP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132001 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13039
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ISAKMP component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131866 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13036
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the OSPFv3 component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13053
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the BGP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131888 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13052
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the CFM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132009 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13035
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the ISO IS-IS component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131899 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13034
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the PGM component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131914 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13038
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the PPP component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132000 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-13037
DESCRIPTION: tcpdump could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the IP component.
By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3735
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-16808
DESCRIPTION: tcpdump is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by aoe_print in print-aoe.c and lookup_emem in addrtoname.c. By sending specially crafted data, a remote attacker could overflow a buffer and cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Tealeaf Customer Experience v9.0.2, v9.0.1, v8.8.x and v8.7.x

Remediation/Fixes

+-------------+-----------+-------------------------------------------------------------+
| Product     | VRMF      | Remediation/First Fix                                       |
+-------------+-----------+-------------------------------------------------------------+
| IBM Tealeaf | 9.0.2A    |http://www.ibm.com/support/fixcentral/swg/quickorderparent=  |
| Customer    |           |Enterprise%20Marketing%20Management&product=ibm/             |
| Experience  |           |Other+software/Tealeaf+Customer+Experience&release=All&      |
|             |           |platform=All&function=fixId&fixids=                          |
|             |           |9.0.2A_IBMTealeaf_PCA-3732-28_FixPack&includeRequisites=1&   |
|             |           |includeSupersedes=0&downloadMethod=http&source=fc            |
+-------------+-----------+-------------------------------------------------------------+
| IBM Tealeaf | 9.0.2     |http://www.ibm.com/support/fixcentral/swg/quickorderparent=  |
| Customer    |           |Enterprise%20Marketing%20Management&product=ibm/             |
| Experience  |           |Other+software/Tealeaf+Customer+Experience&release=All&      |
|             |           |platform=All&function=fixId&fixids=                          |
|             |           |9.0.2_IBMTealeaf_PCA-3682-28_FixPack&includeRequisites=1&    |
|             |           |includeSupersedes=0&downloadMethod=http&source=fc            |
+-------------+-----------+-------------------------------------------------------------+

Customers using versions 9.0.1, 8.8.x and 8.7.x should upgrade to v9.0.2 and apply the fix.

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

18 June 2018 - Original Version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score.
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================