CVE-2018-10105
Description
tcpdump before 4.9.3 mishandles SMB data printing, potentially leading to denial of service or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in tcpdump versions prior to 4.9.3 mishandles the printing of SMB (Server Message Block) protocol data. When tcpdump processes a specially crafted SMB packet, it can trigger an improper memory access due to a flaw in how the packet data is decoded and printed. This issue affects multiple UNIX-like systems, including those using Apple macOS and Ubuntu Linux distributions. The bug is specifically related to SMB packet handling and is the second of two related issues identified in tcpdump's SMB printing code [1][2][3][4].
Exploitation
An attacker can exploit this vulnerability by sending a crafted SMB network packet to a system where tcpdump is actively capturing traffic. No authentication is required, as the packet can be delivered over the network if the victim runs tcpdump in promiscuous mode to monitor traffic. The victim does not need to respond to the packet; it is enough for tcpdump to receive and decode it for the flaw to be triggered. Successful exploitation may cause tcpdump to crash or potentially allow arbitrary code execution [2][3].
Impact
If exploited, this vulnerability could lead to a denial of service by causing tcpdump to crash, disrupting network monitoring activities. In more severe cases, a remote attacker might be able to execute arbitrary code with the privileges of the tcpdump process, which is typically run as root or with elevated privileges. This could result in full compromise of the affected system [2][3].
Mitigation
The vulnerability is fixed in tcpdump version 4.9.3 and later. The official fix was released upstream and is included in the tcpdump 4.9.3 changelog [4]. For Ubuntu systems, updates are available in version 4.9.3-0ubuntu0.18.04.1 for Ubuntu 18.04 LTS and corresponding versions for other releases [3]. Apple addressed this issue in macOS Catalina 10.15.2 and subsequent updates, though their advisory does not explicitly list this CVE [1]. Users should update to the latest version of tcpdump or apply the appropriate security patches from their operating system vendor. No workaround is available; updating is the recommended action.
- [1] About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
- [2] USN-4252-2: tcpdump vulnerabilities | Ubuntu security notices | Ubuntu
- [3] USN-4252-1: tcpdump vulnerabilities | Ubuntu security notices | Ubuntu
- [4] tcpdump/CHANGES at tcpdump-4.9 · the-tcpdump-group/tcpdump
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Total: 10
- tcpdump/tcpdump (description)
- osv-coords (9 versions):
  - pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.0 (no CPE), range: < 4.9.2-lp150.10.1
  - pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 4.9.2-lp151.4.6.1
  - pkg:rpm/opensuse/tcpdump&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.99.1-1.2
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 (no CPE), range: < 4.9.2-3.9.1
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 4.9.2-3.9.1
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 3.9.8-1.30.13.1
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE), range: < 3.9.8-1.30.13.1
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 4.9.2-14.17.1
  - pkg:rpm/suse/tcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 4.9.2-14.17.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. The mechanics section is generated only when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
Total: 16
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/ (mitre, vendor-advisory, x_refsource_FEDORA)
- usn.ubuntu.com/4252-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4252-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4547 (mitre, vendor-advisory, x_refsource_DEBIAN)
- seclists.org/fulldisclosure/2019/Dec/26 (mitre, mailing-list, x_refsource_FULLDISC)
- github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES (mitre, x_refsource_CONFIRM)
- lists.debian.org/debian-lts-announce/2019/10/msg00015.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Dec/23 (mitre, mailing-list, x_refsource_BUGTRAQ)
- seclists.org/bugtraq/2019/Oct/28 (mitre, mailing-list, x_refsource_BUGTRAQ)
- security.netapp.com/advisory/ntap-20200120-0001/ (mitre, x_refsource_CONFIRM)
- support.apple.com/kb/HT210788 (mitre, x_refsource_CONFIRM)
- support.f5.com/csp/article/K44551633 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.