0day.today - Ce-a mai mare baze de date de exploit-uri din lume.
![](/img/logo_green.jpg)
Folosim un singur domeniu DOMAIN_LINK
Dacă dorești să cumperi un exploit sau să platești pentru un serviciu, trebuie să cumperi Gold. Nu dormim să folosim site-ul pentru scopuri informatice negative (hacking), prin urmare orice tip de acțiune de hacking care poate afecta ilegal alți utilizatori sau pagini web la care nu ești proprietar va fi pedepsită cu blocarea contului permanentă incluzand distrugerea datelor tale care aparțin de cont.
Administrația acestui website folosește adresele oficiale de contact. Atenție la impostori!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Citiți [ acordul ]
- Citiți [ trimite ] reguli
- Vizitați [ Întrebări frecvente. ] pagină
- [ Înregistrare ] profil
- Obține [ GOLD ]
- Dacă dorești să [ vinzi ]
- Dacă dorești să [ cumperi ]
- Dacă ați pierdut [ cont-ul vizitați această pagină. ]
- Orice întrebări [ [email protected] ]
- Pagină de autorizare
- Pagină de Înregistrare
- Pagină de restaurare a unui cont
- Pagina FAQ
- Pagina de contact
- Regulamentul pentru post-uri
- Pagina de acorduri
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ne puteți contacta prin:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Tcpreplay 4.1.2 tcpcapinfo Buffer Overflow Vulnerability
Autor
Risc
![](/img/risk/critlow_3.gif)
Nivel de securitate mare
]0day-ID
Categorie
Data
CVE
Platformă
Document Title: =============== CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility Vendor: ======= Appneta (https://www.appneta.com/) Product and Versions Affected: ============================== Tcpreplay 4.1.2 and possibly prior. Fixed Version: ============== 4.2.0 Beta 1 Product Description: ==================== Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. Vulnerability Type: =================== Buffer Overflow CVE Reference: ============== CVE-2017-6429 Vulnerability Details: ====================== Tcpcapinfo utility of Tcpreplay have a buffer overflow vulnerability associated with parsing a crafted pcap file. This occurs in the src/tcpcapinfo.c file when capture has a packet that is too large to handle. GDB Dump: ========= ---------Backtrace:----------- /lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7ffff7a8838f] /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7ffff7b1fc9c] /lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7ffff7b1eb60] /lib/x86_64-linux-gnu/libc.so.6(+0x109fed)[0x7ffff7b1efed] /home/raras/Desktop/Untitled Folder/tcpreplay-4.1.2/src/tcpcapinfo[0x40228c] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7ffff7a36ec5] /home/raras/Desktop/Untitled Folder/tcpreplay-4.1.2/src/tcpcapinfo[0x4028dc] ======= Memory map: ======== 00400000-0041b000 r-xp 00000000 08:01 453864 /home/raras/Desktop/Untitled Folder/tcpreplay-4.1.2/src/tcpcapinfo 0061a000-0061b000 r--p 0001a000 08:01 453864 /home/raras/Desktop/Untitled Folder/tcpreplay-4.1.2/src/tcpcapinfo 0061b000-0061c000 rw-p 0001b000 08:01 453864 /home/raras/Desktop/Untitled Folder/tcpreplay-4.1.2/src/tcpcapinfo 0061c000-0063e000 rw-p 00000000 00:00 0 [heap] 7ffff77fe000-7ffff7814000 r-xp 00000000 08:01 660352 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff7814000-7ffff7a13000 ---p 00016000 08:01 660352 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff7a13000-7ffff7a14000 r--p 00015000 08:01 660352 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff7a14000-7ffff7a15000 rw-p 00016000 08:01 660352 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff7a15000-7ffff7bd0000 r-xp 00000000 08:01 660238 /lib/x86_64-linux-gnu/libc-2.19.so 7ffff7bd0000-7ffff7dcf000 ---p 001bb000 08:01 660238 /lib/x86_64-linux-gnu/libc-2.19.so 7ffff7dcf000-7ffff7dd3000 r--p 001ba000 08:01 660238 /lib/x86_64-linux-gnu/libc-2.19.so 7ffff7dd3000-7ffff7dd5000 rw-p 001be000 08:01 660238 /lib/x86_64-linux-gnu/libc-2.19.so 7ffff7dd5000-7ffff7dda000 rw-p 00000000 00:00 0 7ffff7dda000-7ffff7dfd000 r-xp 00000000 08:01 660214 /lib/x86_64-linux-gnu/ld-2.19.so 7ffff7fd5000-7ffff7fd8000 rw-p 00000000 00:00 0 7ffff7ff4000-7ffff7ff8000 rw-p 00000000 00:00 0 7ffff7ff8000-7ffff7ffa000 r--p 00000000 00:00 0 [vvar] 7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso] 7ffff7ffc000-7ffff7ffd000 r--p 00022000 08:01 660214 /lib/x86_64-linux-gnu/ld-2.19.so 7ffff7ffd000-7ffff7ffe000 rw-p 00023000 08:01 660214 /lib/x86_64-linux-gnu/ld-2.19.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] 1 1260 134217964 575b56ff.0 Program received signal SIGABRT, Aborted. [----------------------------------registers-----------------------------------] RAX: 0x0 RBX: 0x70 ('p') RCX: 0xffffffffffffffff RDX: 0x6 RSI: 0xcc0b RDI: 0xcc0b RBP: 0x7fffffffb500 --> 0x7ffff7b944c2 ("buffer overflow detected") RSP: 0x7fffffffb1e8 --> 0x7ffff7a4f0d8 (<__GI_abort+328>: mov rdx,QWORD PTR fs:0x10) RIP: 0x7ffff7a4bcc9 (<__GI_raise+57>: cmp rax,0xfffffffffffff000) R8 : 0x7ffff7b8bdc0 ("0123456789abcdefghijklmnopqrstuvwxyz") R9 : 0x61bd80 --> 0x7ffff7dd41c0 --> 0xfbad2086 R10: 0x8 R11: 0x246 R12: 0x7fffffffb370 --> 0x1 R13: 0x5 R14: 0x70 ('p') R15: 0x5 EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) [-------------------------------------code-------------------------------------] 0x7ffff7a4bcbf <__GI_raise+47>: movsxd rdi,ecx 0x7ffff7a4bcc2 <__GI_raise+50>: mov eax,0xea 0x7ffff7a4bcc7 <__GI_raise+55>: syscall => 0x7ffff7a4bcc9 <__GI_raise+57>: cmp rax,0xfffffffffffff000 0x7ffff7a4bccf <__GI_raise+63>: ja 0x7ffff7a4bcea <__GI_raise+90> 0x7ffff7a4bcd1 <__GI_raise+65>: repz ret 0x7ffff7a4bcd3 <__GI_raise+67>: nop DWORD PTR [rax+rax*1+0x0] 0x7ffff7a4bcd8 <__GI_raise+72>: test eax,eax [------------------------------------stack-------------------------------------] 0000| 0x7fffffffb1e8 --> 0x7ffff7a4f0d8 (<__GI_abort+328>: mov rdx,QWORD PTR fs:0x10) 0008| 0x7fffffffb1f0 --> 0x20 (' ') 0016| 0x7fffffffb1f8 --> 0x0 0024| 0x7fffffffb200 --> 0x0 0032| 0x7fffffffb208 --> 0x0 0040| 0x7fffffffb210 --> 0x0 0048| 0x7fffffffb218 --> 0x0 0056| 0x7fffffffb220 --> 0x0 [------------------------------------------------------------------------------] Legend: code, data, rodata, value Stopped reason: SIGABRT 0x00007ffff7a4bcc9 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. Patch: ====== src/tcpcapinfo.c @@ -281,6 +281,15 @@ main(int argc, char *argv[]) caplen = pcap_ph.caplen; } + if (caplentoobig) { + printf("\n\nCapture file appears to be damaged or corrupt.\n" + "Contains packet of size %u, bigger than snap length %u\n", + caplen, pcap_fh.snaplen); + + close(fd); + break; + } + /* check to make sure timestamps don't go backwards */ if (last_sec > 0 && last_usec > 0) { if ((pcap_ph.ts.tv_sec == last_sec) ? @@ -306,7 +315,7 @@ main(int argc, char *argv[]) } close(fd); - continue; + break; } /* print the frame checksum */ References: =========== https://github.com/appneta/tcpreplay/issues/278 https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1 Vulnerability Disclosure Timeline: ================================== 2017-02-08: Bug Report Submission & Coordination 2017-03-05: Public Disclosure Credit: ======= AromalUllas # 0day.today [2024-07-02] #