NetBSD Problem Report #57586

From www@netbsd.org  Wed Aug 16 12:03:20 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 3F44A1A9238
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 16 Aug 2023 12:03:20 +0000 (UTC)
Message-Id: <20230816120319.36DFF1A923A@mollari.NetBSD.org>
Date: Wed, 16 Aug 2023 12:03:19 +0000 (UTC)
From: thresh416@outlook.com
Reply-To: thresh416@outlook.com
To: gnats-bugs@NetBSD.org
Subject: tcpdump used in this NetBSD is vulnerable
X-Send-Pr-Version: www-1.0

>Number:         57586
>Category:       lib
>Synopsis:       tcpdump used in this NetBSD is vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          needs-pullups
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 16 12:05:00 +0000 2023
>Closed-Date:    
>Last-Modified:  Wed Mar 13 03:07:03 +0000 2024
>Originator:     ChenHao Lu
>Release:        trunk
>Organization:
Fudan University
>Environment:
>Description:
As CVE-2020-8037 describes, the ppp decapsulator in tcpdump 4.9.3, which is still used in this project, can be convinced to allocate a large amount of memory.
This can be easily fixed by applying the patch for this CVE (CVE-2020-8037).
CVE-2020-8037's description: https://nvd.nist.gov/vuln/detail/CVE-2020-8037
CVE-2020-8037's patch commit: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:
From: Benny Siegert <bsiegert@gmail.com>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Thu, 17 Aug 2023 14:19:07 +0200

 On Thu, Aug 17, 2023 at 7:08 AM <thresh416@outlook.com> wrote:

 > As CVE-2020-8037 described, the ppp decapsulator in tcpdump 4.9.3 can be
 > convinced to allocate a large amount of memory, which is still used in this
 > project.

 Is this talking about tcpdump in base, or about the net/tcpdump
 package in pkgsrc? The latter is at 4.99.4.

 -- 
 Benny

Responsible-Changed-From-To: pkg-manager->lib-bug-people
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Thu, 17 Aug 2023 22:19:38 +0000
Responsible-Changed-Why:
Fixed in HEAD, needs to be pulled up to 10 at least.


State-Changed-From-To: open->needs-pullups
State-Changed-By: wiz@NetBSD.org
State-Changed-When: Thu, 17 Aug 2023 22:19:38 +0000
State-Changed-Why:
Problem in the base system, not pkgsrc.


From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: lib/57586 
Date: Fri, 18 Aug 2023 12:51:45 +0000

 Do I need to make a PR on your GitHub repo? Or have you fixed this already?
 By the way, should we apply for a CVE for this security problem?

From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
Cc: 
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Fri, 18 Aug 2023 12:54:28 +0000

 Do I need to make a PR on your GitHub repo? Or have you fixed this already?
 By the way, should we apply for a CVE for this security problem?

From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Fri, 18 Aug 2023 13:03:44 +0000

 Do I need to make a PR on your GitHub repo? Or have you fixed this already?
 By the way, should we apply for a CVE for this security problem?

From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
Cc: 
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Fri, 18 Aug 2023 13:04:59 +0000

 Do I need to make a PR on your GitHub repo? Or have you fixed this already?
 By the way, should we apply for a CVE for this security problem?

From: Lu ChenHao <thresh416@outlook.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: pkg/57586: tcpdump used in this NetBSD is vulnerable
Date: Fri, 18 Aug 2023 13:02:01 +0000

 Do I need to make a PR on your GitHub repo? Or have you fixed this already?
 By the way, should we apply for a CVE for this security problem?

State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: martin@NetBSD.org
State-Changed-When: Sat, 09 Mar 2024 15:36:21 +0000
State-Changed-Why:
[pullup-10 #623]


From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57586 CVS commit: [netbsd-10] src/external/bsd/tcpdump/dist
Date: Sat, 9 Mar 2024 18:25:30 +0000

 Module Name:	src
 Committed By:	bouyer
 Date:		Sat Mar  9 18:25:30 UTC 2024

 Modified Files:
 	src/external/bsd/tcpdump/dist [netbsd-10]: print-ppp.c

 Log Message:
 Apply patch, requested by martin in ticket #623:
 	external/bsd/tcpdump/dist/print-ppp.c	patch

 Apply upstream commit 32027e199368dad9508965aae8cd8de5b6ab5231
 to fix CVE-2020-8037:

    PPP: When un-escaping, don't allocate a too-large buffer.

    The buffer should be big enough to hold the captured data, but it
    doesn't need to be big enough to hold the entire on-the-network packet,
    if we haven't captured all of it.

 fixes PR 57586


 To generate a diff of this commit:
 cvs rdiff -u -r1.9 -r1.9.14.1 src/external/bsd/tcpdump/dist/print-ppp.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

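The sizing rule in the log message above, as an added C example that is not code from tcpdump, the upstream commit, or this PR: a minimal HDLC un-escape with the scratch buffer sized two ways, the pre-fix way that trusts the on-the-wire length and the post-fix way bounded by the captured length. The function names, the 100 MB wire length and the six-byte sample frame are constructed for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define PPP_ESCAPE 0x7d   /* HDLC control escape byte */
#define PPP_XOR    0x20   /* an escaped byte is XORed with this */

/* Pre-fix behaviour: buffer sized from the on-the-wire length field,
 * which a truncated capture leaves far larger than the data we hold. */
size_t unescape_buffer_size_unbounded(size_t wire_len, size_t caplen)
{ (void)caplen; return wire_len; }

/* Post-fix behaviour: un-escaping never grows data, so the captured
 * byte count always suffices, however large the wire length claims to be. */
size_t unescape_buffer_size_bounded(size_t wire_len, size_t caplen)
{
    return caplen < wire_len ? caplen : wire_len;
}

/* Un-escape 'caplen' captured bytes into 'out' (which must hold caplen bytes).
 * A lone escape at the end of the captured data is dropped, not read past. */
size_t ppp_unescape(const uint8_t *in, size_t caplen, uint8_t *out)
{
    size_t n = 0;
    for (size_t i = 0; i < caplen; i++) {
        uint8_t c = in[i];
        if (c == PPP_ESCAPE) {
            if (i + 1 >= caplen) break;
            c = in[++i] ^ PPP_XOR;
        }
        out[n++] = c;
    }
    return n;
}

/* Constructed sample: a capture cut at 6 bytes of a packet whose header
 * claims 100 MB. Returns 1 when sizing and decoding behave as described. */
int ppp_unescape_selftest(void)
{
    static const uint8_t frame[] = {0x7d, 0x5e, 0x41, 0x7d, 0x5d, 0x7d};
    const size_t wire_len = 100u * 1024u * 1024u, caplen = sizeof frame;
    size_t need = unescape_buffer_size_bounded(wire_len, caplen);
    uint8_t *buf = malloc(need);
    if (buf == NULL || need != caplen) { free(buf); return 0; }
    size_t n = ppp_unescape(frame, caplen, buf);
    int ok = n == 3 && buf[0] == 0x7e && buf[1] == 0x41 && buf[2] == 0x7d
             && unescape_buffer_size_unbounded(wire_len, caplen) == wire_len;
    free(buf);
    return ok;
}
```

The unbounded variant is kept only to show the allocation size the fix removes; a capture with a small snaplen and a large wire length would have asked malloc for the whole claimed packet.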
State-Changed-From-To: pending-pullups->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Wed, 13 Mar 2024 03:07:03 +0000
State-Changed-Why:
still need pullup-9 and pullup-8, or a determination that we're not going
to do that


>Unformatted:
