List:       oss-security
Subject:    [oss-security] Re: CVE request: lldpd crash in lldp_decode due large management address
From:       cve-assign () mitre ! org
Date:       2015-10-30 0:28:22
Message-ID: 20151030002822.EA52E6C0116 () smtpvmsrv1 ! mitre ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
> 
> lldp: fix a buffer overflow when handling management address TLV
> 
> When a remote device was advertising a too large management address
> while still respecting TLV boundaries, lldpd would crash due to a buffer
> overflow. However, the buffer being a static one, this buffer overflow
> is not exploitable if hardening was not disabled. This bug exists since
> version 0.5.6.

>> https://github.com/vincentbernat/lldpd/blob/master/configure.ac

>> [AS_HELP_STRING([--enable-hardening],
>>   [Enable compiler and linker options to frustrate memory corruption exploits @<:@default=yes@:>@])],

Based on the
https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e
commit, there are apparently some platforms, such as the OpenWrt Linux
distribution, on which hardening must be disabled. Thus, this is a
relevant exploitable problem in the general case.

Use CVE-2015-8011.


> https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
> 
> protocols: don't use assert on paths that can be reached
> 
> Malformed packets should not make lldpd crash. Ensure we can handle them
> by not using assert() in this part.

Use CVE-2015-8012.

(Apparently there are various types of malformed packets that can
cause different problems. However, the code changes themselves are all
for CWE-617.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
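
The first quoted commit message describes a length field that stays inside the TLV yet exceeds a fixed buffer, and the second asks that malformed packets be rejected without assert(). The following is an added example, not lldpd's code and not part of the original message: a parser for the value of a Management Address TLV that does both. The struct, the function name, the status codes and the 32-byte buffer size are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MGMT_ADDR_MAX 32   /* assumed capacity of the fixed destination buffer */
enum mgmt_status { MGMT_OK = 0, MGMT_TRUNCATED = -1, MGMT_BAD_LENGTH = -2 };

struct mgmt_addr {
    uint8_t  subtype;               /* address family subtype */
    uint8_t  addr[MGMT_ADDR_MAX];   /* fixed-size destination */
    size_t   addr_len;
    uint32_t ifnumber;
};

/* Parse the value of a Management Address TLV (tlv/tlv_len exclude the
 * 2-byte TLV header). Returns a status instead of asserting, so a
 * malformed frame is dropped rather than aborting the daemon. */
int parse_mgmt_addr(const uint8_t *tlv, size_t tlv_len, struct mgmt_addr *out)
{
    if (tlv_len < 1)
        return MGMT_TRUNCATED;
    size_t str_len = tlv[0];        /* counts subtype byte + address bytes */
    /* Check 1: the field must fit inside the TLV that carries it. */
    if (str_len > tlv_len - 1)
        return MGMT_TRUNCATED;
    /* Check 2: it must also fit the destination. A TLV value can be up to
     * 511 bytes, so check 1 alone admits str_len up to 255. */
    if (str_len < 2 || str_len - 1 > sizeof(out->addr))
        return MGMT_BAD_LENGTH;
    /* Interface subtype (1 byte) and interface number (4 bytes) must follow. */
    if (tlv_len - 1 - str_len < 5)
        return MGMT_TRUNCATED;

    out->subtype = tlv[1];
    out->addr_len = str_len - 1;
    memcpy(out->addr, tlv + 2, out->addr_len);
    const uint8_t *p = tlv + 1 + str_len + 1;   /* skip interface subtype */
    out->ifnumber = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                    ((uint32_t)p[2] << 8) | p[3];
    return MGMT_OK;
}

int main(void) {
    /* Constructed input: 200-byte address string inside a 300-byte TLV. */
    uint8_t big[300] = {200};
    struct mgmt_addr m;
    return parse_mgmt_addr(big, sizeof big, &m) == MGMT_BAD_LENGTH ? 0 : 1;
}
```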