Learn about CVE-2017-12999, a buffer over-read vulnerability in tcpdump versions prior to 4.9.2. Find out how to mitigate the issue and protect your systems.
In the print-isoclns.c file within tcpdump, a buffer over-read issue exists in the IS-IS parser, specifically in the isis_print() function. This vulnerability affects tcpdump versions prior to 4.9.2.
Understanding CVE-2017-12999
What is CVE-2017-12999?
The IS-IS parser in tcpdump before version 4.9.2 is susceptible to a buffer over-read in print-isoclns.c:isis_print().
The Impact of CVE-2017-12999
This vulnerability could allow an attacker to exploit the buffer over-read issue, potentially leading to information disclosure or denial of service.
Technical Details of CVE-2017-12999
Vulnerability Description
The buffer over-read vulnerability is present in the IS-IS parser within the isis_print() function of tcpdump versions prior to 4.9.2.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability can be exploited by crafting a malicious IS-IS packet to trigger the buffer over-read in the isis_print() function.
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates