tcpdump: CVE-2014-8768: denial of service in verbose mode using malformed Geonet payload

Related Vulnerabilities: CVE-2014-8768   CVE-2014-8767   CVE-2014-8769  

Debian Bug report logs - #770415

Reported by: Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>

Date: Fri, 21 Nov 2014 03:45:01 UTC

Severity: serious

Tags: security, upstream

Found in version tcpdump/4.6.2-1

Fixed in version tcpdump/4.6.2-2

Done: Romain Francoise <rfrancoise@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#770415; Package tcpdump. (Fri, 21 Nov 2014 03:45:06 GMT).


Acknowledgement sent to Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>:
New Bug report received and forwarded. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Fri, 21 Nov 2014 03:45:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>
To: submit@bugs.debian.org
Subject: tcpdump denial of service in verbose mode using malformed Geonet payload
Date: Fri, 21 Nov 2014 10:37:40 +0700
Package: tcpdump
Version: 4.6.2
tags: Security

#sudo tcpdump -i lo -s 0 -n -v
This causes a segfault in tcpdump.

This bug is reported as CVE-2014-8768.
The proposed patch is in the attached file.

The credit belongs to
Steffen Bauch
Twitter: @steffenbauch
http://steffenbauch.de

Original report in bugtraq:
http://seclists.org/bugtraq/2014/Nov/89

-- 
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel:    +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyenthe@toshiba-tsdv.com
=====================================================================

[Fix_uncheck_length.patch (text/x-patch, attachment)]

Changed Bug title to 'tcpdump: CVE-2014-8768: denial of service in verbose mode using malformed Geonet payload' from 'tcpdump denial of service in verbose mode using malformed Geonet payload' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2014 07:45:18 GMT).


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2014 07:45:19 GMT).


Marked as found in versions tcpdump/4.6.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2014 07:45:20 GMT).


Severity set to 'serious' from 'normal' Request was from Romain Francoise <rfrancoise@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2014 08:30:08 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#770415; Package tcpdump. (Fri, 21 Nov 2014 09:15:05 GMT).


Acknowledgement sent to Romain Francoise <rfrancoise@debian.org>:
Extra info received and forwarded to list. (Fri, 21 Nov 2014 09:15:05 GMT).


Message #18 received at 770415@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>
Cc: 770434@bugs.debian.org, 770424@bugs.debian.org, 770415@bugs.debian.org
Subject: Re: Bug#770434: CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload, Bug#770424: CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload, Bug#770415: tcpdump denial of service in verbose mode using malformed Geonet payload
Date: Fri, 21 Nov 2014 10:10:24 +0100
Thanks. Upstream doesn't seem to have released official patches yet, or
if they have they haven't kept me in the loop. I've asked for
clarification on the mailing list.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/



No longer marked as found in versions 4.6.2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 21 Nov 2014 09:21:17 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Romain Francoise <rfrancoise@debian.org>:
Bug#770415; Package tcpdump. (Fri, 21 Nov 2014 09:36:16 GMT).


Acknowledgement sent to Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>:
Extra info received and forwarded to list. Copy sent to Romain Francoise <rfrancoise@debian.org>. (Fri, 21 Nov 2014 09:36:16 GMT).


Message #25 received at 770415@bugs.debian.org:

From: Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>
To: Romain Francoise <rfrancoise@debian.org>
Cc: 770434@bugs.debian.org, 770424@bugs.debian.org, 770415@bugs.debian.org
Subject: Re: Bug#770434: CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload, Bug#770424: CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload, Bug#770415: tcpdump denial of service in verbose mode using malformed Geonet payload
Date: Fri, 21 Nov 2014 16:23:19 +0700
Thanks for your information.
I already tried the master branch of tcpdump on GitHub, and it seems that they
haven't fixed it yet. I still see the segfault message in dmesg.
On 21/11/2014 16:10, Romain Francoise wrote:
> Thanks. Upstream doesn't seem to have released official patches yet, or
> if they have they haven't kept me in the loop. I've asked for
> clarification on the mailing list.
>

-- 
CongNT




Reply sent to Romain Francoise <rfrancoise@debian.org>:
You have taken responsibility. (Sat, 22 Nov 2014 11:09:36 GMT).


Notification sent to Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com>:
Bug acknowledged by developer. (Sat, 22 Nov 2014 11:09:36 GMT).


Message #30 received at 770415-close@bugs.debian.org:

From: Romain Francoise <rfrancoise@debian.org>
To: 770415-close@bugs.debian.org
Subject: Bug#770415: fixed in tcpdump 4.6.2-2
Date: Sat, 22 Nov 2014 11:04:13 +0000
Source: tcpdump
Source-Version: 4.6.2-2

We believe that the bug you reported is fixed in the latest version of
tcpdump, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 770415@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated tcpdump package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 22 Nov 2014 11:48:08 +0100
Source: tcpdump
Binary: tcpdump
Architecture: amd64 source
Version: 4.6.2-2
Distribution: unstable
Urgency: high
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Closes: 770415 770424 770434
Description: 
 tcpdump    - command-line network traffic analyzer
Changes:
 tcpdump (4.6.2-2) unstable; urgency=high
 .
   * Urgency high due to security fixes.
   * Add three patches extracted from various upstream commits fixing
     vulnerabilities in three dissectors:
     + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434).
     + CVE-2014-8768: missing bounds checks in Geonet dissector
       (closes: #770415).
     + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 23 Dec 2014 07:27:25 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:42:56 2019; Machine Name: buxtehude
