Vulnerability CVE-2011-1935
Published: 2017-10-20   Modified: 2017-10-22

Description:
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

Type:

CWE-19

 (Data Handling)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Debain -> Libpcap 

 References:
http://article.gmane.org/gmane.network.tcpdump.devel/4968
http://thread.gmane.org/gmane.network.tcpdump.devel/5018
http://www.openwall.com/lists/oss-security/2011/05/19/11
http://www.openwall.com/lists/oss-security/2014/02/08/5
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=623868;filename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch;msg=10
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868
https://security-tracker.debian.org/tracker/CVE-2011-1935/
Copyright 2024, cxsecurity.com

 

Back to Top