CVE-2015-0261

Publication date 24 March 2015

Last updated 24 July 2024

Ubuntu priority

Description

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tcpdump	15.04 vivid	Not affected
	14.10 utopic	Fixed 4.6.2-1ubuntu1.2
	14.04 LTS trusty	Fixed 4.5.1-2ubuntu1.2
	12.04 LTS precise	Fixed 4.2.1-1ubuntu2.2
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
tcpdump	Upstream: 192fabf Upstream: beec87b Upstream: http://www.ca.tcpdump.org/cve/0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch Upstream: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch Upstream: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch

References

Related Ubuntu Security Notices (USN)

USN-2580-1
tcpdump vulnerabilities
27 April 2015