CVE-2018-10103

Vulnerability

CVE-2018-10103 is a vulnerability in tcpdump versions prior to 4.9.3, where the SMB data printing functionality is mishandled. The flaw occurs in the packet dissection code when processing malformed or specially crafted SMB packets. Affected versions include all tcpdump releases before 4.9.3, as confirmed by upstream changelogs and downstream advisories [1][2][3][4].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending a crafted SMB packet to a target running a vulnerable version of tcpdump. No special privileges or user interaction beyond normal network monitoring is required; the vulnerability triggers during the packet capture and printing phase. The attacker must be able to inject packets onto the network segment monitored by tcpdump [2][3].

Impact

Successful exploitation could cause tcpdump to crash, resulting in a denial of service (DoS). In more severe cases, arbitrary code execution may be possible, allowing the attacker to gain control of the affected system. The impact aligns with typical memory corruption issues in packet dissectors, potentially compromising the confidentiality, integrity, and availability of the host [2][3].

Mitigation

The vulnerability is fixed in tcpdump version 4.9.3, released in late 2019. Users should upgrade to tcpdump 4.9.3 or later. Apple addressed this in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra [1]. Ubuntu has released updated packages in USN-4252-1 and USN-4252-2 for affected releases, including Ubuntu 12.04 ESM, 14.04 ESM, and 18.04 LTS [2][3]. No workarounds are documented; upgrading is the recommended action.