CVE-2016-7935
Find out more about CVE-2016-7935 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v3 metrics
| CVSS3 Base Score | 6.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (tcpdump) | RHSA-2017:1871 | 2017-08-01 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | tcpdump | Will not fix |
| Red Hat Enterprise Linux 5 | tcpdump | Will not fix |
Acknowledgements
Red Hat would like to thank the Tcpdump project for reporting this issue.Mitigation
When invoked with the "-w" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.
