Re: [tcpdump-workers] [the-tcpdump-group/libpcap] CVE-2018-16301 information (#855)

2019-10-06 Thread Michael Richardson
Beuc wrote:
> I'm part of the Debian Long Term Support team, and I'd like to assess
> if our packaged versions of libpcap are affected by CVE-2018-16301.

Yes.

> 81c4e00e says it relates to "errors in pcapng reading", but I cannot
> identify the related commit.

> In addition, https://www.tcpdump.org/public-cve-list.txt doesn't list
> it as fixed, and marks it as affecting tcpdump rather than libpcap.

!A 2018-08-01 Include Security F1: [libpcap] Remote Packet Capture Daemon (RPCAPD) Integer Overflow Leads to Heap Buffer Overflow rpcapd/daemon.c:daemon_unpackapplyfilter(), fixed in 1.9 branch, not master, CVE-2019-15161

CVE-2018-16301 is, I think, a duplicate of CVE-2019-15161 (libpcap).
It is fixed in 7f8d184f60bf3a228e3d17407dcc7c4a8689eb47.
It is in rpcapd, which I think Debian does not ship, and was not present
in libpcap 1.8.x.

-- 
]   Never tell me the odds! | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works| network architect  [ 
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[ 
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


Re: [tcpdump-workers] [the-tcpdump-group/libpcap] CVE-2018-16301 information (#855)

2019-10-06 Thread Michael Richardson
carnil wrote:
> Information on CVE-2018-16301 seems to indicate that it first was
> thought to be an issue in tcpdump, but then it's clearly stated that it
> is fixed in libpcap.

> The CVE description submitted to MITRE is in line with that as well:

(okay, but don't use that as authoritative, since I am the one that wrote that)

>> libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer
>> overflow and/or over-read because of errors in pcapng reading.

> We have marked it now as such in Debian's records, but if
> CVE-2018-16301 is a duplicate of CVE-2019-15161 then preferably
> upstream would need to ask MITRE to reject CVE-2018-16301.

MITRE has a very poor record and very high latency for responding.
I'm happy to get our records cleared up; I will be adding a "duplicates"
column to my CSV file.  I'm just still in a bit of PTSD from having worked on
this stuff for too long :-(
