tcpdump mailing list archives

Re: Official patches for CVE-2014-8767/CVE-2014-8768/CVE-2014-8769?


From: Guy Harris <guy () alum mit edu>
Date: Mon, 24 Nov 2014 11:06:08 -0800


On Nov 24, 2014, at 1:04 AM, Romain Francoise <rfrancoise () debian org> wrote:

> On Sun, Nov 23, 2014 at 11:35:21PM -0800, Guy Harris wrote:
> > So did I. :-)
> >
> > (See branches tcpdump_4.1 through tcpdump_4.6.)
>
> Ah, great, I need patches for Debian stable, which ships tcpdump 4.3.0.
> I was about to use Michal's patches for 4.4.0 from the fc19 srpm, but if
> you have "official" backports, even better.
>
> The branch also has fixes for print-udp.c and print-ppp.c. Are these
> security-sensitive?

print-udp.c just makes the UDP dissector take the length field in the UDP header into account; I don't think it fixes security issues, but it does handle the "arguably this should never happen" case where the length is shorter than the IP payload.  (So was RFC 768 written before they'd decided to put a total length field into the IP header, or something such as that?  The length field doesn't serve any obvious purpose I can see, unless the intent was to run UDP atop something other than IPv4 as defined in RFC 791.)

print-ppp.c fixes a case where the un-escaping code could overrun a buffer and crash, so I'd call that one security-sensitive.

> Should I pick them up as well?

The print-ppp.c one, yes.  The print-udp.c one is your choice.

> If so, do they have CVE identifiers?

No.  Michal (Zalewski), that's a fix to the issue you reported; should it get a CVE?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
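
A bounds-checked un-escaper of the kind the print-ppp.c remark above concerns, as an added example that is not part of this thread and is not tcpdump's code. It assumes RFC 1662 HDLC-like framing (escape octet 0x7d, next octet XORed with 0x20); `ppp_unescape`, `outbuf` and the sample arrays are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_ESC  0x7d  /* RFC 1662 control-escape octet */
#define PPP_FLAG 0x7e  /* RFC 1662 frame delimiter */

/*
 * Un-escape one frame body from in[0..inlen) into out[0..outcap).
 * Returns the number of bytes written, or -1 if the input is malformed
 * (escape octet with nothing after it, unescaped flag inside the body)
 * or the result does not fit. Never reads past in+inlen and never
 * writes past out+outcap.
 */
long ppp_unescape(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    size_t i = 0, o = 0;

    while (i < inlen) {
        uint8_t c = in[i++];

        if (c == PPP_FLAG)
            return -1;              /* delimiter cannot appear unescaped */
        if (c == PPP_ESC) {
            if (i >= inlen)
                return -1;          /* dangling escape: do not read past the end */
            c = in[i++] ^ 0x20;
        }
        if (o >= outcap)
            return -1;              /* output full: refuse instead of overrunning */
        out[o++] = c;
    }
    return (long)o;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[]       = { 0xff, 0x7d, 0x5e, 0x7d, 0x5d, 0x03 };
static const uint8_t sample_dangling[] = { 0xff, 0x03, 0x7d };
static uint8_t outbuf[4];

int main(void)
{
    printf("ok:       %ld\n", ppp_unescape(sample_ok, sizeof sample_ok, outbuf, sizeof outbuf));
    printf("too big:  %ld\n", ppp_unescape(sample_ok, sizeof sample_ok, outbuf, 3));
    printf("dangling: %ld\n", ppp_unescape(sample_dangling, sizeof sample_dangling, outbuf, sizeof outbuf));
    return 0;
}
```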

