Date: Sat, 27 Dec 2003 13:07:30 -0700 From: Brett Glass <brett@lariat.org> To: security@freebsd.org Subject: Heads up: Does this affect FreeBSD's tcpdump? Message-ID: <6.0.0.22.2.20031227130657.03825808@localhost>
next in thread | raw e-mail | index | archive | help
Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats@cvs.openbsd.org (GNATS Filer) Resent-To: bugs@cvs.openbsd.org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: gnats@openbsd.org >Number: 3610 >Category: user >Synopsis: repetable tcpdump remote crash >Confidential: yes >Severity: critical >Priority: high >Responsible: bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: net >Arrival-Date: Sat Dec 20 15:50:02 GMT 2003 >Closed-Date: >Last-Modified: >Originator: Przemyslaw Frasunek >Release: 3.3-RELEASE >Organization: net >Environment: System : OpenBSD 3.3 Architecture: OpenBSD.i386 Machine : i386 >Description: Sending a packet containg 0xff,0x02 bytes to port 1701/udp causes a L2TP protocol parser in tcpdump to enter an infinite loop, eating all available memory and then segfaulting. This bug also affects tcpdump in -CURRENT. >How-To-Repeat: tcpdump -i lo0 -n udp and dst port 1701 & perl -e 'print "\xff\x02"' | nc -u localhost 1701 >Fix: Unknown, recent versions of tcpdump are immune to this problem. >Release-Note: >Audit-Trail: >Unformatted: `
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031227130657.03825808>