Date: Thu, 29 Oct 2015 20:28:22 -0400 (EDT) From: cve-assign@...re.org To: fw@...eb.enyo.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: lldpd crash in lldp_decode due large management address -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 > > lldp: fix a buffer overflow when handling management address TLV > > When a remote device was advertising a too large management address > while still respecting TLV boundaries, lldpd would crash due to a buffer > overflow. However, the buffer being a static one, this buffer overflow > is not exploitable if hardening was not disabled. This bug exists since > version 0.5.6. >> https://github.com/vincentbernat/lldpd/blob/master/configure.ac >> [AS_HELP_STRING([--enable-hardening], >> [Enable compiler and linker options to frustrate memory corruption exploits @<:@default=yes@:>@])], Based on the https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e commit, there are apparently some platforms, such as the OpenWrt Linux distribution, on which hardening must be disabled. Thus, this is a relevant exploitable problem in the general case. Use CVE-2015-8011. > https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00 > > protocols: don't use assert on paths that can be reached > > Malformed packets should not make lldpd crash. Ensure we can handle them > by not using assert() in this part. Use CVE-2015-8012. (Apparently there are various types of malformed packets that can cause different problems. However, the code changes themselves are all for CWE-617.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWMriDAAoJEL54rhJi8gl5QwcQAMzf82elhg+4B1gE2Yg0APUa 6wTU/GsftPClKuy9zVGNGbajoZgDcrkyqADc45aH4Dpb9G+YK/X6s/B9dgf9KqBj 3X+5lreJbNKXJlOfZRU9t9J0HH+qRSYa3uVnU19gmLcSG8Z1rJU2JVHVYGha7ujF Vh6UozSj/U+hgmfMs9ArXCrjWFEz15kiWr3XmAcVH6ARwtkKNbIadGiz5R5w/dqb HF1V7gZHSMz+QHVj/LsMLeuX6Ba6eGFtSAXgrIWKuqZbstTRde2spTUwmB5Njayn RUUkIWxQd4oRqNL4ckAj1hIq28GjEreoO3gn2p8CU8On6kc/geHEc2xXt3PBsaZU k4R+qY/uq4gFiLjNUdrw9oiCEC5LqFgc2PM1EqzwXlPgvBTvAf6end1DIzf8DLVM 7WAChlIPTXJL1+mRz6N5xEGdlEEDiCKDpvgCtUNc1b88IHB6Rr51eJgjypxhDAsp D8gWfyCwuPps2gSLmipz0LXfb/2DwuzAjcJoZ5rAiWRnmz53asI+2DZMUM2Q6/jF kdsgw0lHv5TIO+5MMl/s82s/gmiLbYZ7muvxqzlgCynpTR3UJNs9NDLp6ifLYLAw 27HxxKBq+vGKbCmtK5pDwE2qth9fSR8k5n/ofBcmuPG2mbKMQMPrDvb87Usq5XOR P0vNhiVvQ3oNBE9Ny7UM =dhHo -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.