| Summary: | scapy new security issues CVE-2019-1010142 and CVE-2019-1010262 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, mageia, sysadmin-bugs |
| Version: | 7 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | scapy-2.4.0-3.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-12-26 03:54:59 CET
David Walser
2020-01-14 17:38:48 CET
Status comment: (none) => Fixed upstream in 2.4.3

update pushed on mga7 updates_testing
src.rpm: scapy-2.4.0-3.1.mga7

CC: (none) => mageia

Advisory:
========================

Updated scapy packages fix security vulnerabilities:

A vulnerability was found in scapy 2.4.0 and earlier is affected by: Denial of Services. The impact is: busy loop forever. The component is: _RADIUSAttrPacketListField class. The attack vector is: a packet sent over the network or in a pcap (CVE-2019-1010262).

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work (CVE-2019-1010142).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010262
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GICTAGUAV4OGIAPKKWXSEVIXU7DZEJ2V/
========================

Updated packages in core/updates_testing:
========================
python2-scapy-2.4.0-3.1.mga7
python3-scapy-2.4.0-3.1.mga7

from scapy-2.4.0-3.1.mga7.src.rpm
David Walser
2020-05-29 02:58:17 CEST
Status comment: Fixed upstream in 2.4.3 => (none)

MGA7-64 Plasma on Lenovo B50
No installation issues.
No Wiki or previous updates, so hunting around and found
https://scapy.readthedocs.io/en/latest/introduction.html#quick-demo
Tried first session at CLI.

$ scapy3
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
WARNING: No route found for IPv6 destination :: (no default route?)
WARNING: IPython not available. Using standard Python shell instead.
AutoCompletion, History are disabled.

aSPY//YASa
apyyyyCY//////////YCa |
sY//////YSpcs scpCY//Pp | Welcome to Scapy
ayp ayyyyyyySCP//Pp syY//C | Version git-archive.devae348f861
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | Craft packets like I craft my beer.
scccccp///pSP///p p//Y | -- Jean De Clerck
sY/////////y caa S//P |
cayCyayP//Ya pY/Ya
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs

I felt quite helpless at that point, so

>>> help
Type help() for interactive help, or help(object) for help about object.
>>> help()

Welcome to Python 3.7's help utility!

If this is your first time using Python, you should definitely check out
the tutorial on the Internet at https://docs.python.org/3.7/tutorial/.

and a lot more ...., so

help> quit

You are now leaving help and returning to the Python interpreter.
If you want to ask for help on a particular object directly from the
interpreter, you can type "help(object)". Executing "help('string')"
has the same effect as typing a particular string at the help> prompt.

then decided to follow the quick demo

>>> IP()
<IP |>
>>> target="www.target.com/30"
>>> ip=IP(dst=target)
>>> ip
<IP dst=Net('www.target.com/30') |>
>>> [p for p in ip]
[<IP dst=151.101.122.184 |>, <IP dst=151.101.122.185 |>, <IP dst=151.101.122.186 |>, <IP dst=151.101.122.187 |>]

and there I stopped as I was not sure what I was really doing, but it looks OK.
Someone else who speaks fluently python and "IP" might have a go?

CC: (none) => herman.viaene

Well, it installed cleanly, and didn't crash on you, Herman. That's about as far as most of us in QA could take it, I think.

I'm going to pass it on that basis. Giving it an OK, and validating. Advisory in Comment 2.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0266.html

Resolution: (none) => FIXED |