Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 5 Jul 2016 16:32:05 +0200
From: Christoph Biedl <debian.axhn@...chmal.in-ulm.de>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay)

Hello,

as already reported in Debian BTS#829350, the tcprewrite program, part
of the tcpreplay suite, does not check the size of the frames it
processes. Huge frames may trigger a segmentation fault, and they
occur on interfaces with an MTU of or close to 65536. For example, the
loopback interface lo of the Linux kernel has such a value.

This has been assigned CVE-2016-6160.

The Debian BTS also contains a fix.

    Christoph

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.