NetBSD Problem Report #57586
Date: Wed, 16 Aug 2023 12:03:19 +0000 (UTC)
From: thresh416@outlook.com
Reply-To: thresh416@outlook.com
To: gnats-bugs@NetBSD.org
Subject: tcpdump used in this NetBSD is vulnerable
>Number: 57586
>Category: lib
>Synopsis: tcpdump used in this NetBSD is vulnerable
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: needs-pullups
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 16 12:05:00 +0000 2023
>Closed-Date:
>Last-Modified: Wed Mar 13 03:07:03 +0000 2024
>Originator: ChenHao Lu
>Release: trunk
>Organization:
Fudan University
>Environment:
>Description:
As CVE-2020-8037 describes, the ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory, and that version is still used in this project.
This can be easily fixed by applying the patch for this CVE (CVE-2020-8037).
CVE-2020-8037's description: https://nvd.nist.gov/vuln/detail/CVE-2020-8037
CVE-2020-8037's patch commit: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: Benny Siegert <bsiegert@gmail.com>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Thu, 17 Aug 2023 14:19:07 +0200
On Thu, Aug 17, 2023 at 7:08 AM <thresh416@outlook.com> wrote:
> As CVE-2020-8037 described, the ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory, which is still used in this project.
Is this talking about tcpdump in base, or about the net/tcpdump
package in pkgsrc? The latter is at 4.99.4.
-- 
Benny
Responsible-Changed-From-To: pkg-manager->lib-bug-people
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Thu, 17 Aug 2023 22:19:38 +0000
Responsible-Changed-Why:
Fixed in HEAD, needs to be pulled up to 10 at least.
State-Changed-From-To: open->needs-pullups
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Thu, 17 Aug 2023 22:19:38 +0000
State-Changed-Why:
Problem in the base system, not pkgsrc.
From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc:
Subject: Re: lib/57586
Date: Fri, 18 Aug 2023 12:51:45 +0000
Do I need to make a PR on your GitHub repo? Or you have fixed this already?
By the way, should we apply for a CVE for this security problem?
State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sat, 09 Mar 2024 15:36:21 +0000
State-Changed-Why:
[pullup-10 #623]
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57586 CVS commit: [netbsd-10] src/external/bsd/tcpdump/dist
Date: Sat, 9 Mar 2024 18:25:30 +0000
Module Name: src
Committed By: bouyer
Date: Sat Mar 9 18:25:30 UTC 2024
Modified Files:
src/external/bsd/tcpdump/dist [netbsd-10]: print-ppp.c
Log Message:
Apply patch, requested by martin in ticket #623:
external/bsd/tcpdump/dist/print-ppp.c patch
Apply upstream commit 32027e199368dad9508965aae8cd8de5b6ab5231
to fix CVE-2020-8037:
PPP: When un-escaping, don't allocate a too-large buffer.
The buffer should be big enough to hold the captured data, but it
doesn't need to be big enough to hold the entire on-the-network packet,
if we haven't captured all of it.
fixes PR 57586
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.14.1 src/external/bsd/tcpdump/dist/print-ppp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
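The sizing rule the commit message above describes, as an added C example that is not tcpdump's or NetBSD's own code: the scratch buffer used while un-escaping PPP data is bounded by the number of bytes actually captured, not by the on-the-wire length a frame header claims. Function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define PPP_ESCAPE 0x7d   /* HDLC control escape byte */
#define PPP_XOR    0x20   /* byte following an escape is XORed with this */

/* Allocation policy before and after the fix (hypothetical helpers). The old
 * policy sized the scratch buffer from the on-the-wire length, a value the
 * sender controls; the new policy is bounded by what the capture holds. */
size_t ppp_alloc_size_old(size_t wire_len, size_t caplen) { (void)caplen; return wire_len; }
size_t ppp_alloc_size_new(size_t wire_len, size_t caplen) { (void)wire_len; return caplen; }

/* Un-escape at most caplen captured bytes into a new buffer of caplen bytes
 * (un-escaping never grows the data). Returns NULL when nothing was captured
 * or allocation fails; *out_len receives the decoded length. A trailing
 * escape whose partner byte lies beyond the capture is dropped. */
uint8_t *ppp_unescape(const uint8_t *p, size_t caplen, size_t *out_len)
{
    *out_len = 0;
    if (caplen == 0)
        return NULL;
    uint8_t *b = malloc(caplen);        /* never larger than captured data */
    if (b == NULL)
        return NULL;
    size_t n = 0;
    for (size_t i = 0; i < caplen; i++) {
        uint8_t c = p[i];
        if (c == PPP_ESCAPE) {
            if (i + 1 >= caplen)
                break;                  /* escape without its partner */
            c = p[++i] ^ PPP_XOR;
        }
        b[n++] = c;
    }
    *out_len = n;
    return b;
}

/* Constructed sample: six captured bytes holding two escape sequences and a
 * dangling escape at the end. Expected decode: 0x7e 0x41 0x7d (3 bytes). */
int sample_decode_ok(void)
{
    static const uint8_t in[] = { 0x7d, 0x5e, 0x41, 0x7d, 0x5d, 0x7d };
    size_t n = 0;
    uint8_t *b = ppp_unescape(in, sizeof in, &n);
    int ok = b != NULL && n == 3 && b[0] == 0x7e && b[1] == 0x41 && b[2] == 0x7d;
    free(b);
    return ok;
}
```

With a header claiming a multi-gigabyte frame but only a handful of captured bytes, the old policy requests the claimed size while the new one requests only the captured size.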
State-Changed-From-To: pending-pullups->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Wed, 13 Mar 2024 03:07:03 +0000
State-Changed-Why:
still need pullup-9 and pullup-8, or a determination that we're not going
to do that
>Unformatted: