Bug 1760505 (CVE-2018-10105)
Summary: | CVE-2018-10105 tcpdump: SMB data printing mishandled | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | luhliari, mlichvar, mruprich, msehnout, msekleta, thozza |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | tcpdump 4.9.3 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2020-11-04 02:22:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1760626, 1801563, 1801564, 1957140 | ||
Bug Blocks: | 1760628 |
Description
Pedro Sampaio
2019-10-10 17:15:04 UTC
Created tcpdump tracking bugs for this issue:

Affects: fedora-all [bug 1760626]

It seems there is no real fix for this issue and no details about it. The SMB printer has been disabled in tcpdump 4.9.3 (as can be seen at https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES#L17 and https://github.com/the-tcpdump-group/tcpdump/commit/eb585ee78413978df836dd6dda42914b53981d75).

The score for this flaw is very high as there are no details about it and upstream was not able to provide more information on its nature. We could not determine the real impact of this security issue.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-10105

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:4760 https://access.redhat.com/errata/RHSA-2020:4760

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2191 https://access.redhat.com/errata/RHSA-2021:2191