Bug 33432 - tcpreplay new security issue CVE-2024-3024
Summary: tcpreplay new security issue CVE-2024-3024
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-32-OK, MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-07-25 09:17 CEST by Nicolas Salguero
Modified: 2024-09-16 19:45 CEST

See Also:
Source RPM: tcpreplay-4.4.3-2.1.mga9.src.rpm
CVE: CVE-2024-3024
Status comment: Fixed in v4.5.1



Nicolas Salguero 2024-07-25 09:17:37 CEST

Source RPM: (none) => tcpreplay-4.4.3-2.1.mga9.src.rpm
CVE: (none) => CVE-2024-3024

Comment 1 Lewis Smith 2024-07-25 21:37:01 CEST
The given URL announces a new version of tcpreplay:
Announcing v4.5.1
This release contains contributions from a record number of new contributors.
This is greatly appreciated since I am a team of one, and do Tcpreplay
maintenance in my spare time.
There are many bug fixes and new features.

The project site download page:
 http://tcpreplay.appneta.com/wiki/installation.html#download-releases
Download Releases for Users
Latest release:
tcpreplay-4.5.1.tar.xz
https://github.com/appneta/tcpreplay/releases/download/v4.4.2/tcpreplay-4.5.1.tar.xz

* Sat Jul 13 2024 Bojan Smojver <bojan@rexursive com> - 4.5.1-1
- Update to 4.5.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271992 - CVE-2024-3024 tcpreplay: heap-based buffer overflow

This is already in Cauldron (DavidG); it looks OK to update M9.

Assignee: bugsquad => geiger.david68210
Status comment: (none) => Fixed in v4.5.1

Comment 2 David GEIGER 2024-09-11 17:54:13 CEST
Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
tcpreplay-4.5.1-1.mga9

From SRPMS:
tcpreplay-4.5.1-1.mga9.src.rpm

Assignee: geiger.david68210 => qa-bugs

katnatek 2024-09-11 19:26:06 CEST

Keywords: (none) => advisory

Comment 3 Brian Rockwell 2024-09-15 03:09:01 CEST
# tcpreplay -i wlp4s0 t
tmp/        tpcap.pcap  
[root@localhost brian]# tcpreplay -i wlp4s0 tpcap.pcap
Warning: flow_decode failed to determine Ethernet header length for packet 1
Warning: flow_decode failed to determine Ethernet header length for packet 3

Warning: flow_decode failed to determine Ethernet header length for packet 51
Warning: flow_decode failed to determine Ethernet header length for packet 95
Warning: flow_decode failed to determine Ethernet header length for packet 97
Warning: flow_decode failed to determine Ethernet header length for packet 99
Warning: flow_decode failed to determine Ethernet header length for packet 100
Warning: flow_decode failed to determine Ethernet header length for packet 102
Warning: flow_decode failed to determine Ethernet header length for packet 103
Actual: 103 packets (9750 bytes) sent in 44.04 seconds
Rated: 221.3 Bps, 0.001 Mbps, 2.33 pps
Flows: 13 flows, 0.29 fps, 89 unique flow packets, 5 unique non-flow packets
Statistics for network device: wlp4s0
	Successful packets:        103
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0

Whiteboard: (none) => MGA9-32-OK
CC: (none) => brtians1

Comment 4 Len Lawrence 2024-09-15 20:03:16 CEST
mga9, x64
CVE-2024-3024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3024
PoC data at https://vuldb.com/?id.258333
No indication about how to test this so the best we can do is treat it as a pcap file and hope for the best.  There is supposed to be more information at Google Drive but I don't have access.
Before update:
# tcpreplay -i enp0s13f0u1u4 poc.pcap

Failed: Error opening pcap file: unknown file format

Cannot draw any conclusions from this.
# file poc.pcap
poc.pcap: ASCII text

The first 8 bytes are c3d4 a1b2 0002 0004 which match those of a valid .pcap file - they differ beyond that.
# file test2.pcap
test2.pcap: pcap capture file, microsecond ts (little-endian) - version 2.4 (Linux cooked v1, capture length 262144)

Giving up on that.

Updated the package and ran Brian's command again:

# tcpreplay -i enp0s13f0u1u4 test2.pcap

^C User interrupt...
sendpacket_abort
Actual: 14 packets (1456 bytes) sent in 9.52 seconds
Rated: 152.8 Bps, 0.001 Mbps, 1.46 pps
Flows: 8 flows, 0.83 fps, 13 unique flow packets, 1 unique non-flow packets
Statistics for network device: enp0s13f0u1u4
	Successful packets:        13
	Failed packets:            0
	Truncated packets:         0
	Retried packets (ENOBUFS): 0
	Retried packets (EAGAIN):  0

No regression there.

CC: (none) => tarazed25
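
Added example, not part of the bug thread and not tcpreplay code: a Python check that decodes the 24-byte pcap global header (the fields `file` summarises for test2.pcap in Comment 4) and says why a file without the binary magic number is rejected as an unknown format. The name `inspect_pcap_header`, the small link-type table and both sample inputs are constructed for this illustration.

```python
import struct

# Magic numbers of the libpcap file format, keyed by their value when the
# first four bytes are read big-endian: (struct byte order, timestamp unit).
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}
LINKTYPES = {1: "Ethernet", 113: "Linux cooked v1"}  # small subset only

# Constructed samples: a binary header with the values `file` printed for
# test2.pcap, and a text file that only contains hex digits (an assumption
# made for illustration, not a statement about the real PoC file).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
SAMPLE_TEXT = b"0000000 c3d4 a1b2 0002 0004 0000 0000 0000 0000\n"


def inspect_pcap_header(data):
    """Classify the start of a file as a pcap global header or explain why not."""
    if len(data) < 24:
        return {"valid": False, "reason": "shorter than the 24-byte global header"}
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in MAGICS:
        # Printable bytes where the magic should be means text, not a capture.
        printable = all(b in (9, 10, 13) or 32 <= b < 127 for b in data[:24])
        kind = "text" if printable else "binary"
        return {"valid": False, "reason": f"no pcap magic ({kind} data)"}
    endian, ts_unit = MAGICS[magic]
    # version_major, version_minor, thiszone, sigfigs, snaplen, network
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {
        "valid": True,
        "byte_order": "little-endian" if endian == "<" else "big-endian",
        "timestamps": ts_unit,
        "version": f"{major}.{minor}",
        "snaplen": snaplen,
        "linktype": LINKTYPES.get(linktype, f"LINKTYPE {linktype}"),
    }


if __name__ == "__main__":
    for name, blob in (("binary", SAMPLE_PCAP), ("text", SAMPLE_TEXT)):
        print(name, inspect_pcap_header(blob))
```
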

Len Lawrence 2024-09-15 20:05:03 CEST

Whiteboard: MGA9-32-OK => MGA9-32-OK, MGA9-64-OK

katnatek 2024-09-15 20:06:31 CEST

CC: (none) => andrewsfarm

Comment 5 Thomas Andrews 2024-09-16 02:21:46 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2024-09-16 19:45:47 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0305.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

