Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 5 Jul 2016 16:32:05 +0200
From: Christoph Biedl <debian.axhn@...chmal.in-ulm.de>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay)

Hello,

as already reported in Debian BTS#829350, the tcprewrite program, part
of the tcpreplay suite, does not check the size of the frames it
processes. Huge frames may trigger a segmentation fault, and they
occur on interfaces with an MTU of or close to 65536. For example, the
loopback interface lo of the Linux kernel has such a value.

This has been assigned CVE-2016-6160.

The Debian BTS also contains a fix.

    Christoph

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ