CVE-2015-3138 over-read issues in tcpdump Whiteboard decoder #446
Comments
Could you take the input pcap file(s) and use one of the binary-to-hex convertors (xxd, uuencode or base64, also available online) and then paste the encoded version as a comment? Thank you.

Absolutely, they are small (4kb). Doing this now.
On Wed, Mar 25, 2015 at 3:05 PM, Denis Ovsienko notifications@github.com
http://volatile-minds.blogspot.com -- blog

Following base64-encoded pcap should be run with 'tcpdump -r':

1MOyoQIABAAALBAAAAAAAGAABQABAAAAuDFgVKUIAABAAAAASgAAAAAAAAAASgAAAAAAAAgARRAAPJw3QABAEQAAAX8AAAEAAIAXZxHXAwAAAACgAoAY/jAAAO4HQAwEAkgKI5dVSgA=

This pcap should be run with 'tcpdump -ntr':

1MOyoQIAAAAYLAAAAAAAAEAAAAABAAAAuDFgSKUIAAAtAAAASgAAAAAAAAAASgAAAAAAAAgARRAAPJw3QABAEQAA/4AAAAHgGgAXZxHXAwAAn5+fn5+fn5+fAAQHgCwAAgEAAAC4MWCfn5+fEgCgAoAY/jAAAAIEQAwEAkgKI5dVSgA=

Let me know if you need anything else.
Thank you. I confirm a segfault for each case (both with
This is a follow-up to commit 3a3ec26.
Could you check the latest master branch build?

I can later tonight, give me a couple hours. Am in CST timezone.

Got a short amount of time to test; I can confirm master has fixed the parsing of the test cases correctly.
This is a follow-up to commit 3a3ec26.
Thank you for the report and detailed feedback!

- Bump PORTREVISION
Obtained from: the-tcpdump-group/tcpdump#446
MFH: 2015Q2
Security: CVE-2015-3138
git-svn-id: svn+ssh://svn.freebsd.org/ports/head@384101 35697150-7ecd-e111-bb59-0022644237b5

- Bump PORTREVISION
Obtained from: the-tcpdump-group/tcpdump#446
MFH: 2015Q2
Security: CVE-2015-3138

- Add a patch to fix heap overflow
- Bump PORTREVISION
Obtained from: the-tcpdump-group/tcpdump#446
Security: CVE-2015-3138
Approved by: portmgr (erwin)

CVE-2015-3138 over-read issues in tcpdump Whiteboard decoder

Overview
tcpdump is a network protocol analyzer available on most UNIX-like operating

Description
One of the protocols supported in tcpdump is Whiteboard, a UDP-based protocol. During a recent unification of the source code a few such checks in the

Impact
CVSSv2 score: 1.0
Hello,
In learning how to use american fuzzy lop, I decided to make libpcap/tcpdump my first fuzzing foray. I was able to find two possible heap overflows in print-wb.c (lines 274 and 280).
Loading tcpdump (4.7.3) in gdb and running the two test cases that consistently segfault:
gdb ../../tcpdump-4.7.3/tcpdump
And...
What would be the best way to get the testcases to you that cause the crashes?
Thanks!
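The first base64 test case posted earlier in this thread, and the advisory's point that the Whiteboard decoder lost some of its length checks, as an added example that is not tcpdump's code and not the reporter's: a C program that decodes that blob back into wb1.pcap (for 'tcpdump -r wb1.pcap', as the thread describes) and walks the first record's Ethernet, IPv4 and UDP headers with a CHECK macro modelled on tcpdump's ND_TCHECK idiom, so that every read is bounded by the captured length before it happens. The names b64_decode, probe_first_record, probe_thread_case, wb_probe and CHECK are mine. The walk stops at the UDP payload and does not decode the Whiteboard header itself, whose layout is not on this page; the override_caplen knob rewrites the record's captured-length field so you can watch the walk stop cleanly instead of over-reading.

```c
#include <stdint.h>
#include <stdio.h>

/* First test case posted in the thread (the 'tcpdump -r' one), copied verbatim. */
static const char WB_PCAP_B64[] =
    "1MOyoQIABAAALBAAAAAAAGAABQABAAAAuDFgVKUIAABAAAAASgAAAAAAAAAASgAAAAAAAAgA"
    "RRAAPJw3QABAEQAAAX8AAAEAAIAXZxHXAwAAAACgAoAY/jAAAO4HQAwEAkgKI5dVSgA=";

/* Value of one standard base64 character, or -1 for anything else (including '='). */
static int b64val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 text into out (at most outcap bytes); returns the byte count or -1. */
static int b64_decode(const char *s, uint8_t *out, size_t outcap)
{
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (; *s != '\0' && *s != '='; s++) {
        int v = b64val((unsigned char)*s);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            if (n >= outcap) return -1;
            bits -= 8;
            out[n++] = (uint8_t)((acc >> bits) & 0xff);
        }
    }
    return (int)n;
}

/* What the probe learns about the first record; payload_len is the number of UDP
 * payload bytes actually captured, or -1 if a header ran past the captured data. */
struct wb_probe { uint32_t linktype, caplen, origlen; uint16_t ethertype, dport; uint8_t proto; int payload_len; };

static uint32_t le32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Modelled on tcpdump's ND_TCHECK idiom: never read n bytes at p unless they lie
 * inside the captured bytes [base, base + caplen); otherwise bail out to 'trunc'. */
#define CHECK(p, n) do { if ((size_t)((p) - base) + (size_t)(n) > caplen) goto trunc; } while (0)

/* Walk the first record of a little-endian classic pcap (Ethernet -> IPv4 -> UDP),
 * checking the captured length before every read. Returns -1 on a malformed file. */
static int probe_first_record(const uint8_t *buf, size_t len, struct wb_probe *r)
{
    const uint8_t *base, *p;
    size_t caplen, ihl;

    if (len < 40 || le32(buf) != 0xa1b2c3d4) return -1;  /* 24-byte file + 16-byte record header */
    *r = (struct wb_probe){0};
    r->payload_len = -1;
    r->linktype = le32(buf + 20);
    r->caplen = caplen = le32(buf + 32);
    r->origlen = le32(buf + 36);
    if (caplen > len - 40) return -1;         /* record claims more bytes than the file holds */
    base = p = buf + 40;

    CHECK(p, 14);                             /* Ethernet header */
    r->ethertype = (uint16_t)(p[12] << 8 | p[13]);
    p += 14;
    if (r->ethertype != 0x0800) return 0;
    CHECK(p, 20);                             /* fixed part of the IPv4 header */
    ihl = (size_t)(p[0] & 0x0f) * 4;
    r->proto = p[9];
    if (ihl < 20) return 0;                   /* bogus IHL: never use it as an offset */
    CHECK(p, ihl);                            /* IP options, if IHL says there are any */
    p += ihl;
    if (r->proto != 17) return 0;
    CHECK(p, 8);                              /* UDP header */
    r->dport = (uint16_t)(p[2] << 8 | p[3]);
    p += 8;
    r->payload_len = (int)(caplen - (size_t)(p - base));
    return 0;
trunc:
    return 0;                                 /* a header ran past the capture; payload_len stays -1 */
}

/* Decode the thread's test case and probe it. A nonzero override_caplen replaces the
 * record's captured-length field first, to show the walk stopping cleanly when the
 * capture is shorter than the headers a decoder expects. Returns NULL on failure. */
static const struct wb_probe *probe_thread_case(uint32_t override_caplen)
{
    static uint8_t buf[256];
    static struct wb_probe r;
    int n = b64_decode(WB_PCAP_B64, buf, sizeof buf);
    if (n < 40) return NULL;
    for (int i = 0; override_caplen != 0 && i < 4; i++)
        buf[32 + i] = (uint8_t)(override_caplen >> (8 * i));
    return probe_first_record(buf, (size_t)n, &r) == 0 ? &r : NULL;
}

int main(void)
{
    uint8_t buf[256];
    int n = b64_decode(WB_PCAP_B64, buf, sizeof buf);
    const struct wb_probe *r = probe_thread_case(0);
    FILE *f = n > 0 ? fopen("wb1.pcap", "wb") : NULL;  /* feed this to 'tcpdump -r wb1.pcap' */

    if (r == NULL) return 1;
    if (f != NULL) { fwrite(buf, 1, (size_t)n, f); fclose(f); }
    printf("bytes=%d linktype=%u caplen=%u origlen=%u ethertype=0x%04x proto=%u dport=%u payload=%d\n",
           n, r->linktype, r->caplen, r->origlen, r->ethertype, r->proto, r->dport, r->payload_len);
    return 0;
}
```

For the thread's blob this reports a 104-byte file whose single record captured 64 of 74 bytes, carrying a UDP datagram to port 4567, the port tcpdump hands to its Whiteboard printer, with only 22 payload bytes actually present. Any decoder that reads past those 22 bytes on the strength of a length or type field taken from the packet, without first checking against the captured length, is over-reading, which is the class of bug this issue reports; the CHECK-before-read pattern above is the discipline that prevents it.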