Package: tcpdump
Version: 4.6.2
tags: Security

# sudo tcpdump -i lo -s 0 -n -v

This causes a segfault in tcpdump.
This bug is reported as CVE-2014-8768. The proposed patch is in the attached file.

The credit belongs to Steffen Bauch
Twitter: @steffenbauch
http://steffenbauch.de

Original report in bugtraq: http://seclists.org/bugtraq/2014/Nov/89

--
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyen...@toshiba-tsdv.com
--- tcpdump-tcpdump_4.5/print-geonet.c 2014-02-17 05:58:41.000000000 +0700 +++ print-geonet.c 2014-11-21 10:06:58.590217933 +0700 @@ -237,6 +237,12 @@ printf("Malformed (small) "); } + /* Checking length before print */ + u_int caplength; + caplength = (ndo->ndo_snapend >= bp) ? ndo->ndo_snapend - bp : 0; + if (length > caplength) + length = caplength; + /* Print user data part */ if (ndo->ndo_vflag) default_print(bp, length);
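Review bot: when length > caplength the added block silently shortens length, so the default_print(bp, length) call that follows prints a cut-down payload with no sign that the packet's length field exceeded the captured data; consider emitting a truncation marker in that branch so the output shows the packet was truncated or malformed. The declaration "u_int caplength;" also sits after the printf("Malformed (small) ") block, mixing a declaration into statements; moving it to the top of the enclosing function keeps the file buildable with C89 compilers. The diff header names tcpdump-tcpdump_4.5/print-geonet.c while the report is filed against version 4.6.2, so it is worth confirming the hunk applies at the same place in that version.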