oss-sec mailing list archives
Re: CVE request: lldpd crash in lldp_decode due large management address
From: cve-assign () mitre org
Date: Thu, 29 Oct 2015 20:28:22 -0400 (EDT)
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2

lldp: fix a buffer overflow when handling management address TLV

When a remote device was advertising a too large management address while still respecting TLV boundaries, lldpd would crash due to a buffer overflow. However, the buffer being a static one, this buffer overflow is not exploitable if hardening was not disabled. This bug exists since version 0.5.6.
https://github.com/vincentbernat/lldpd/blob/master/configure.ac
[AS_HELP_STRING([--enable-hardening], [Enable compiler and linker options to frustrate memory corruption exploits @<:@default=yes@:>@])],
Based on the https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e commit, there are apparently some platforms, such as the OpenWrt Linux distribution, on which hardening must be disabled. Thus, this is a relevant exploitable problem in the general case. Use CVE-2015-8011.
https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00

protocols: don't use assert on paths that can be reached

Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert() in this part.
Use CVE-2015-8012. (Apparently there are various types of malformed packets that can cause different problems. However, the code changes themselves are all for CWE-617.)

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
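The two classes of defect discussed in the message above, shown as an added example that is not part of the original message and is not lldpd's code: a Management Address TLV parser that checks the address length against the destination buffer as well as against the TLV boundary, and that rejects malformed input with an error return instead of assert(). The names `parse_mgmt_tlv` and `struct mgmt_addr` and the sample byte arrays are assumptions made for illustration.

```c
/* Added example; parse_mgmt_tlv and struct mgmt_addr are hypothetical names, not lldpd's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MGMT_ADDR_MAX 31  /* IEEE 802.1AB: management address is 1..31 octets */

struct mgmt_addr {
    uint8_t  subtype;              /* address family */
    uint8_t  addr[MGMT_ADDR_MAX];  /* fixed-size destination buffer */
    size_t   addr_len;
    uint8_t  if_subtype;
    uint32_t if_number;
};

/* Parse the value of a Management Address TLV (type 8).
 * Returns 0 on success and -1 on malformed input; it never calls assert(). */
int parse_mgmt_tlv(const uint8_t *v, size_t tlv_len, struct mgmt_addr *out)
{
    if (tlv_len < 1) return -1;
    size_t str_len = v[0];                 /* subtype octet + address octets */
    if (str_len < 2) return -1;            /* need subtype and at least 1 address octet */
    /* Check 1: string, if-subtype (1), if-number (4) and OID length (1) lie inside the TLV. */
    if (1 + str_len + 6 > tlv_len) return -1;
    /* Check 2: the address fits the destination. A length can pass check 1 and
     * still exceed the buffer: the case described in the commit message. */
    if (str_len - 1 > sizeof(out->addr)) return -1;
    const uint8_t *p = v + 1 + str_len;    /* start of interface fields */
    if (1 + str_len + 6 + (size_t)p[5] > tlv_len) return -1;  /* OID must fit too */
    out->subtype = v[1];
    out->addr_len = str_len - 1;
    memcpy(out->addr, v + 2, out->addr_len);
    out->if_subtype = p[0];
    out->if_number = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
                     ((uint32_t)p[3] << 8) | (uint32_t)p[4];
    return 0;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {5, 1, 192, 0, 2, 1, 2, 0, 0, 0, 7, 0};
static const uint8_t SAMPLE_BIG[200] = {100, 1};  /* 99-octet address, inside TLV bounds */

int main(void)
{
    struct mgmt_addr m;
    printf("valid: %d\n", parse_mgmt_tlv(SAMPLE_OK, sizeof SAMPLE_OK, &m));
    printf("oversized: %d\n", parse_mgmt_tlv(SAMPLE_BIG, sizeof SAMPLE_BIG, &m));
    return 0;
}
```
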
Current thread:
- CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 15)
- Re: CVE request: lldpd crash in lldp_decode due large management address Florian Weimer (Oct 18)
- Re: CVE request: lldpd crash in lldp_decode due large management address cve-assign (Oct 29)