Candidate: CVE-2019-15162
CRD: 2019-09-30
PublicDate: 2019-10-03 19:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15162
 https://www.tcpdump.org/libpcap-changes.txt
 http://www.tcpdump.org/public-cve-list.txt
Description:
 rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides
 details about why authentication failed, which might make it easier for
 attackers to enumerate valid usernames.
Ubuntu-Description: 
Notes: 
 sbeattie> issue is in the libpcap daemon, introduced
   in 1.9.0 and is not included in debian/ubuntu packaging

Mitigation: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_libpcap:
 upstream: https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58
upstream_libpcap: released (1.9.1-1)
precise/esm_libpcap: not-affected (code not present)
trusty_libpcap: ignored (out of standard support)
trusty/esm_libpcap: not-affected (code not present)
xenial_libpcap: not-affected (code not present)
esm-infra/xenial_libpcap: not-affected (code not present)
bionic_libpcap: not-affected (code not present)
disco_libpcap: not-affected (code not present)
eoan_libpcap: not-affected (code not built)
devel_libpcap: not-affected (code not built)