openpkg
/
openpkg-packages
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9692 Commits
1 Branch
2 Tags
594 MiB
 
 
 
 
 
 
Tree: 0c29b962d2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0c29b962d2'
${ noResults }
openpkg-packages/tcpdump/tcpdump.patch

91 lines
2.8 KiB
Raw Blame History

tcpdump patch patrix; thl@dev.de.cw.com
tcpdump 371 371 372 381
OpenPKG 120 121 130 20020822
--- --- --- ---
CAN-2002-0380 nfs y n n n see past OpenPKG-SA-2003.014-tcpdump
CAN-2002-1350 bgp y n n n see past OpenPKG-SA-2003.014-tcpdump
CAN-2003-0108 isakmp y n n n see past OpenPKG-SA-2003.014-tcpdump
depth y y y n (*)
CAN-2003-0989 isakmp y y y n updates CAN-2003-0108-isakmp
CAN-2003-1029 l2tp y y n n
CAN-2004-0055 radius y y y y
CAN-2004-0057 isakmp y y y y
(*) the vendor code fix for CAN-2003-0108 had two other unrelated code
changes piggybacked. We removed the cosmetics (constify) and
extracted an enhancement (depth).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0055 (radius)
The print_attr_string function in print-radius.c for tcpdump 3.8.1
and earlier allows remote attackers to cause a denial of service
(segmentation fault) via a RADIUS attribute with a large length
value.
Index: print-radius.c
===================================================================
RCS file: /tcpdump/master/tcpdump/print-radius.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -u -d -r1.23 -r1.24
--- print-radius.c.CAN-2004-0055 15 Dec 2003 13:52:15 -0000 1.23
+++ print-radius.c 7 Jan 2004 08:00:52 -0000 1.24
@@ -476,7 +476,7 @@
break;
}
- for (i=0; i < length ; i++, data++)
+ for (i=0; *data && i < length ; i++, data++)
printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
return;
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0057 (isakmp)
The rawprint function in the ISAKMP decoding routines
(print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote
attackers to cause a denial of service (segmentation fault) via
malformed ISAKMP packets that cause invalid "len" or "loc" values to
be used in a loop, a different vulnerability than CAN-2003-0989.
Index: print-isakmp.c
===================================================================
RCS file: /tcpdump/master/tcpdump/print-isakmp.c,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -u -d -r1.41 -r1.42
--- print-isakmp.c.CAN-2004-0057 20 Dec 2003 10:03:19 -0000 1.41
+++ print-isakmp.c 7 Jan 2004 08:00:51 -0000 1.42
@@ -327,9 +327,13 @@
static u_char *p;
size_t i;
+ TCHECK2(*loc, len);
+
p = (u_char *)loc;
for (i = 0; i < len; i++)
printf("%02x", p[i] & 0xff);
+trunc:
+ return;
}
struct attrmap {
@@ -1111,6 +1115,8 @@
cp = (const u_char *)ext;
while (np) {
+ TCHECK2(*ext, sizeof(e));
+
safememcpy(&e, ext, sizeof(e));
if (ep < (u_char *)ext + ntohs(e.len)) {
@@ -1136,6 +1142,8 @@
ext = (struct isakmp_gen *)cp;
}
return cp;
+trunc:
+ return NULL;
}
static char *