Date: Thu, 29 Oct 2015 20:28:22 -0400 (EDT)
From: cve-assign@...re.org
To: fw@...eb.enyo.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: lldpd crash in lldp_decode due large management address

> https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
>
> lldp: fix a buffer overflow when handling management address TLV
>
> When a remote device was advertising a too large management address
> while still respecting TLV boundaries, lldpd would crash due to a buffer
> overflow. However, the buffer being a static one, this buffer overflow
> is not exploitable if hardening was not disabled. This bug exists since
> version 0.5.6.

>> https://github.com/vincentbernat/lldpd/blob/master/configure.ac
>> [AS_HELP_STRING([--enable-hardening],
>> [Enable compiler and linker options to frustrate memory corruption exploits @<:@...ault=yes@...])],

Based on the
https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e
commit, there are apparently some platforms, such as the OpenWrt Linux
distribution, on which hardening must be disabled. Thus, this is a
relevant exploitable problem in the general case. Use CVE-2015-8011.

> https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
>
> protocols: don't use assert on paths that can be reached
>
> Malformed packets should not make lldpd crash. Ensure we can handle them
> by not using assert() in this part.

Use CVE-2015-8012. (Apparently there are various types of malformed
packets that can cause different problems. However, the code changes
themselves are all for CWE-617.)

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
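
Added example, not part of the message above and not lldpd's code: a bounds-checked decoder for a management address field, showing the two fix classes the quoted commits describe (checking the claimed length against the destination buffer as well as the TLV boundary, and returning an error instead of calling assert()). The names decode_mgmt_addr, struct mgmt_addr and MGMT_ADDR_MAX, the 16-byte buffer size and the sample bytes are assumptions; the layout is the simplified start of an LLDP Management Address TLV value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MGMT_ADDR_MAX 16  /* hypothetical fixed buffer, fits an IPv6 address */
enum { MGMT_OK = 0, MGMT_TRUNCATED = -1, MGMT_TOO_LARGE = -2 };

struct mgmt_addr {
    uint8_t subtype;              /* address family subtype */
    uint8_t addr[MGMT_ADDR_MAX];  /* fixed-size destination */
    size_t  addr_len;
};

/* Constructed sample TLV values (not captured traffic). */
static const uint8_t ok_tlv[]    = {5, 1, 192, 0, 2, 1, 2, 0, 0, 0, 1, 0};
static const uint8_t big_tlv[41] = {40, 1};     /* 39-byte address, fits its TLV */
static const uint8_t short_tlv[] = {9, 1, 10};  /* claims more than the TLV holds */

/* Decode the start of a Management Address TLV value:
 *   [1 byte: string length N][1 byte: subtype][N-1 bytes: address]
 * Malformed input returns an error code; nothing here calls assert(),
 * because every branch is reachable from bytes sent by a neighbour. */
static int decode_mgmt_addr(const uint8_t *val, size_t tlv_len, struct mgmt_addr *out)
{
    if (tlv_len < 2) return MGMT_TRUNCATED;   /* no room for length + subtype */
    size_t str_len = val[0];                  /* counts subtype + address bytes */
    if (str_len < 2) return MGMT_TRUNCATED;   /* needs subtype and >= 1 address byte */
    /* Check 1: the claimed length must stay inside the TLV. */
    if (str_len > tlv_len - 1) return MGMT_TRUNCATED;
    /* Check 2: it must also fit the destination buffer. An address that
     * passes check 1 only is the "respecting TLV boundaries" case. */
    size_t addr_len = str_len - 1;
    if (addr_len > sizeof(out->addr)) return MGMT_TOO_LARGE;
    out->subtype = val[1];
    out->addr_len = addr_len;
    memcpy(out->addr, val + 2, addr_len);
    return MGMT_OK;
}

int main(void)
{
    struct mgmt_addr m;
    printf("ok:    %d\n", decode_mgmt_addr(ok_tlv, sizeof ok_tlv, &m));
    printf("big:   %d\n", decode_mgmt_addr(big_tlv, sizeof big_tlv, &m));
    printf("short: %d\n", decode_mgmt_addr(short_tlv, sizeof short_tlv, &m));
    return 0;
}
```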