CVE-2019-15162

Published: 30 September 2019

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
libpcap
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not built)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Ubuntu 12.04 ESM (Precise Pangolin) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58

Notes

AuthorNote
sbeattie issue is in the libpcap daemon, introduced in 1.9.0 and is not included in debian/ubuntu packaging

References