Home / vulnerabilities tcpdump Denial Of Service / Code Execution
Posted on 10 March 2015
Source : packetstormsecurity.org Link
Hi, please find tcpdump 4.7.2 source code at:
http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz
http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig
(there is also a matching libpcap)
To validate the source code with the "make check" you need to have
libpcap-4.7.2 or the geneve test cases will not function.
The signature files are made by mcr@sandelman.ca, and will get replaced
with tcpdump ones once I get physical access to the key later today.
This fixes CVE-2014-9140 --- issue with PPP printer (previously notified)
CVE-2015-0261 --- issues with IPv6 mobility printer.
CVE-2015-2153 --- issue with tcp printer.
CVE-2015-2154 --- issue with ethernet printer.
CVE-2015-2155 --- issue with force printer.
There are also other issues which related to Capsicum that were
already public, as well as DECNET fixes that came in.
Our tcpdump 4.7.0 process failed (flailed?) over CVE-2014-9140,
and was never properly released. 4.7.1 was internally marked, but not
released.
A patch for tcpdump 4.3 is at:
http://www.ca.tcpdump.org/cve/
0001-in-some-cases-we-expect-tcpdump-to-fail-with-an-erro.patch
0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
If you require patches for other versions, please let us know.
Patch 0001 is needed only so that "make check" will function.
(tcpdump 4.3 may not detect libssl properly since ssl churn, so the ESP/IKE
test cases will fail since libssl was not detected)
Please ACK this email, and let me know when I can let this source code out.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [