Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151030002822.EA52E6C0116@smtpvmsrv1.mitre.org>
Date: Thu, 29 Oct 2015 20:28:22 -0400 (EDT)
From: cve-assign@...re.org
To: fw@...eb.enyo.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: lldpd crash in lldp_decode due large management address

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
> 
> lldp: fix a buffer overflow when handling management address TLV
> 
> When a remote device was advertising a too large management address
> while still respecting TLV boundaries, lldpd would crash due to a buffer
> overflow. However, the buffer being a static one, this buffer overflow
> is not exploitable if hardening was not disabled. This bug exists since
> version 0.5.6.

>> https://github.com/vincentbernat/lldpd/blob/master/configure.ac

>> [AS_HELP_STRING([--enable-hardening],
>>   [Enable compiler and linker options to frustrate memory corruption exploits @<:@default=yes@:>@])],

Based on the
https://github.com/vincentbernat/lldpd/commit/8738a36d30e2e94257c5b1ae9cd3e7c3d314808e
commit, there are apparently some platforms, such as the OpenWrt Linux
distribution, on which hardening must be disabled. Thus, this is a
relevant exploitable problem in the general case.

Use CVE-2015-8011.


> https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
> 
> protocols: don't use assert on paths that can be reached
> 
> Malformed packets should not make lldpd crash. Ensure we can handle them
> by not using assert() in this part.

Use CVE-2015-8012.

(Apparently there are various types of malformed packets that can
cause different problems. However, the code changes themselves are all
for CWE-617.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWMriDAAoJEL54rhJi8gl5QwcQAMzf82elhg+4B1gE2Yg0APUa
6wTU/GsftPClKuy9zVGNGbajoZgDcrkyqADc45aH4Dpb9G+YK/X6s/B9dgf9KqBj
3X+5lreJbNKXJlOfZRU9t9J0HH+qRSYa3uVnU19gmLcSG8Z1rJU2JVHVYGha7ujF
Vh6UozSj/U+hgmfMs9ArXCrjWFEz15kiWr3XmAcVH6ARwtkKNbIadGiz5R5w/dqb
HF1V7gZHSMz+QHVj/LsMLeuX6Ba6eGFtSAXgrIWKuqZbstTRde2spTUwmB5Njayn
RUUkIWxQd4oRqNL4ckAj1hIq28GjEreoO3gn2p8CU8On6kc/geHEc2xXt3PBsaZU
k4R+qY/uq4gFiLjNUdrw9oiCEC5LqFgc2PM1EqzwXlPgvBTvAf6end1DIzf8DLVM
7WAChlIPTXJL1+mRz6N5xEGdlEEDiCKDpvgCtUNc1b88IHB6Rr51eJgjypxhDAsp
D8gWfyCwuPps2gSLmipz0LXfb/2DwuzAjcJoZ5rAiWRnmz53asI+2DZMUM2Q6/jF
kdsgw0lHv5TIO+5MMl/s82s/gmiLbYZ7muvxqzlgCynpTR3UJNs9NDLp6ifLYLAw
27HxxKBq+vGKbCmtK5pDwE2qth9fSR8k5n/ofBcmuPG2mbKMQMPrDvb87Usq5XOR
P0vNhiVvQ3oNBE9Ny7UM
=dhHo
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.