31926 – tcpreplay new security issues CVE-2023-2778[3-9]

Bug 31926 - tcpreplay new security issues CVE-2023-2778[3-9]

Summary: tcpreplay new security issues CVE-2023-2778[3-9]

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2023-05-15 16:58 CEST by David Walser
Modified:	2023-05-31 08:42 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	tcpreplay-4.4.2-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-05-15 16:58:03 CEST

Fedora has issued an advisory today (May 15):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V/

Mageia 8 is also affected.

David Walser 2023-05-15 16:58:16 CEST

Status comment: (none) => Patches available from Fedora
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-05-15 21:33:13 CEST

Alas, this is a patch rather than new version fix.

No one packager in view for tcpreplay, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2023-05-16 13:47:08 CEST

Suggested advisory:
========================

The updated package fixes security vulnerabilities:

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. (CVE-2023-27783)

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. (CVE-2023-27784)

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. (CVE-2023-27785)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. (CVE-2023-27786)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. (CVE-2023-27787)

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. (CVE-2023-27788)

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. (CVE-2023-27789)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27789
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UE3J4LKYFNKPKNSLDQK4JG36THQMQH3V/
========================

Updated package in core/updates_testing:
========================
tcpreplay-4.4.2-1.1.mga8

from SRPM:
tcpreplay-4.4.2-1.1.mga8.src.rpm

Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Source RPM: tcpreplay-4.4.3-1.mga9.src.rpm => tcpreplay-4.4.2-1.mga8.src.rpm
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs
Status comment: Patches available from Fedora => (none)
CC: (none) => nicolas.salguero

Comment 3 Herman Viaene 2023-05-19 11:38:07 CEST

MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 30822 for testing
# tcprewrite --infile=wiresharktest50 --outfile=new.pcap --dstipmap=0.0.0.0/0:192.168.2.7
# tcpreplay --intf1=wlp7s0 new.pcap
Actual: 50 packets (15637 bytes) sent in 20.30 seconds
Rated: 769.9 Bps, 0.006 Mbps, 2.46 pps
Flows: 9 flows, 0.44 fps, 28 flow packets, 22 non-flow
Statistics for network device: wlp7s0
	Successful packets:        50
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0
To the contrary of bug 30822, the command stopped by itself.
Looks OK, but my wifi was not working anymore, network center showed connected, but nothing comes thru. I had to disconnect and reconnect, and then all was normal.
I'll OK the update, I've got the idea that the tcpreplay somehow interrupts the normal working of the network interface. If this behavior is not OK, the block the update.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2023-05-23 14:09:10 CEST

I watched a few videos on using tcpreplay, and I saw nothing that mentioned restarting the interface, but none of them appeared to be using wifi for it. All used an "eth(N)" interface. So that was no help.

I would validate, but the behavior with the wifi troubles me, as my knowledge of such things is limited. So I ask: Is it OK, or not?

CC: (none) => andrewsfarm

Comment 5 Herman Viaene 2023-05-23 18:00:30 CEST

I checked previous updates and Brian and myself were the only ones to use the wifi in the command. But neither of us made any note on wifi begavior after the test.
I cann't do the test again, since the laptop involved is now taken by an M9 upgrade exercise.

Comment 6 Thomas Andrews 2023-05-24 02:04:03 CEST

OK, sending it on. Validating. Advisory in comment 2.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-05-30 18:34:00 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-05-31 08:42:44 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0188.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.