Bug 24581

Summary: tcpreplay new security issues CVE-2019-8376, CVE-2019-8377, and CVE-2019-8381
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: andrewsfarm, brtians1, geiger.david68210, sysadmin-bugs, tmb
Version: 6
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA6-64-OK
Source RPM: tcpreplay-4.3.1-1.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2019-03-28 21:09:56 CET
Fedora has issued an advisory on March 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/

The issues are fixed upstream in 4.3.2.
David Walser 2019-03-28 21:23:59 CET

Status comment: (none) => Fixed upstream in 4.3.2

Comment 1 David GEIGER 2019-03-28 21:52:13 CET
fixed for mga6!

CC: (none) => geiger.david68210

Comment 2 David Walser 2019-03-28 22:13:43 CET
Advisory:
========================

Updated tcpreplay package fixes security vulnerabilities:

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred
in the function get_layer4_v6() located at get.c. This can be triggered by
sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker
to cause a Denial of Service (Segmentation fault) or possibly have unspecified
other impact (CVE-2019-8376).

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred
in the function get_ipv6_l4proto() located at get.c. This can be triggered by
sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker
to cause a Denial of Service (Segmentation fault) or possibly have unspecified
other impact (CVE-2019-8377).

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in
do_checksum in checksum.c. It can be triggered by sending a crafted pcap file
to the tcpreplay-edit binary. It allows an attacker to cause a Denial of
Service (Segmentation fault) or possibly have unspecified other impact
(CVE-2019-8381).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8381
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
========================

Updated packages in core/updates_testing:
========================
tcpreplay-4.3.2-1.mga6

from tcpreplay-4.3.2-1.mga6.src.rpm

Status comment: Fixed upstream in 4.3.2 => (none)
Assignee: bugsquad => qa-bugs

Comment 3 Brian Rockwell 2019-04-15 00:18:24 CEST
The following 2 packages are going to be installed:

- meta-task-6-3.3.mga6.noarch
- tcpreplay-4.3.2-1.mga6.x86_64

1.3MB of additional disk space will be used.

343KB of packages will be retrieved.


I had installed tcpdump. I ran this test against an unencrypted internal FTP server I had lying around.

# tcpdump -w dmp1.pcap

I did an FTP login and got a file (which is unimportant).

Then I did a tcpreplay with

# tcpreplay -v --intf1=enp0s3 dmp1.pcap

It will then run through the pcap file processing the transactions (do this only to internal servers you are controlling, else you may be considered a hacker).

I didn't test the weakness, but the utility is working as designed.  I'm approving it.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => brtians1

Comment 4 Thomas Andrews 2019-04-28 04:14:10 CEST
Going with it. Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-05-12 08:59:40 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-05-12 11:37:00 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0158.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED