Bug 24581 - tcpreplay new security issues CVE-2019-8376, CVE-2019-8377, and CVE-2019-8381
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-03-28 21:09 CET by David Walser
Modified: 2019-05-12 11:37 CEST

See Also:
Source RPM: tcpreplay-4.3.1-1.mga6.src.rpm
CVE:
Status comment:



Description David Walser 2019-03-28 21:09:56 CET
Fedora has issued an advisory on March 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/

The issues are fixed upstream in 4.3.2.
David Walser 2019-03-28 21:23:59 CET

Status comment: (none) => Fixed upstream in 4.3.2

Comment 1 David GEIGER 2019-03-28 21:52:13 CET
fixed for mga6!

CC: (none) => geiger.david68210

Comment 2 David Walser 2019-03-28 22:13:43 CET
Advisory:
========================

Updated tcpreplay package fixes security vulnerabilities:

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred
in the function get_layer4_v6() located at get.c. This can be triggered by
sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker
to cause a Denial of Service (Segmentation fault) or possibly have unspecified
other impact (CVE-2019-8376).

An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred
in the function get_ipv6_l4proto() located at get.c. This can be triggered by
sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker
to cause a Denial of Service (Segmentation fault) or possibly have unspecified
other impact (CVE-2019-8377).

An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in
do_checksum in checksum.c. It can be triggered by sending a crafted pcap file
to the tcpreplay-edit binary. It allows an attacker to cause a Denial of
Service (Segmentation fault) or possibly have unspecified other impact
(CVE-2019-8381).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8381
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
========================

Updated packages in core/updates_testing:
========================
tcpreplay-4.3.2-1.mga6

from tcpreplay-4.3.2-1.mga6.src.rpm

Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 4.3.2 => (none)

Comment 3 Brian Rockwell 2019-04-15 00:18:24 CEST
The following 2 packages are going to be installed:

- meta-task-6-3.3.mga6.noarch
- tcpreplay-4.3.2-1.mga6.x86_64

1.3MB of additional disk space will be used.

343KB of packages will be retrieved.


I had installed tcpdump. I ran this test against an unencrypted internal ftp server I had lying around.

# tcpdump -w dmp1.pcap

I did an FTP login and got a file (which is unimportant).

Then I did a tcpreplay with

# tcpreplay -v --intf1=enp0s3 dmp1.pcap

It will then run through the pcap file processing the transactions (do this only to internal servers you are controlling, else you may be considered a hacker).

I didn't test the weakness, but the utility is working as designed. I'm approving it.

CC: (none) => brtians1
Whiteboard: (none) => MGA6-64-OK

Comment 4 Thomas Andrews 2019-04-28 04:14:10 CEST
Going with it. Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2019-05-12 08:59:40 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-05-12 11:37:00 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0158.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

