CVE-2015-2153

Publication date 24 March 2015

Last updated 24 July 2024

Ubuntu priority

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tcpdump	15.04 vivid	Not affected
	14.10 utopic	Fixed 4.6.2-1ubuntu1.2
	14.04 LTS trusty	Fixed 4.5.1-2ubuntu1.2
	12.04 LTS precise	Fixed 4.2.1-1ubuntu2.2
	10.04 LTS lucid	Ignored end of life

Notes

tyhicks

The github link in the Patches section contains what looks to be a fix for a regression

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
tcpdump	Upstream: 364b001 Upstream: fb6e537 Upstream: 3152237 Upstream: http://www.ca.tcpdump.org/cve/0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch Upstream: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch Upstream: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch

References

Related Ubuntu Security Notices (USN)