Date: Tue, 5 Jul 2016 16:32:05 +0200 From: Christoph Biedl <debian.axhn@...chmal.in-ulm.de> To: oss-security@...ts.openwall.com Subject: CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay) Hello, as already reported in Debian BTS#829350, the tcprewrite program, part of the tcpreplay suite, does not check the size of the frames it processes. Huge frames may trigger a segmentation fault, and they occur on interfaces with an MTU of or close to 65536. For example, the loopback interface lo of the Linux kernel has such a value. This has been assigned CVE-2016-6160. The Debian BTS also contains a fix. Christoph  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ