Bug#: 46258
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Tobias Weisserth <tobias@weisserth.de>

Bug 46258 depends on: 38206


Description:   Opened: 2004-03-30 10:40 0000
TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving
specially crafted ISAKMP packets, TCPDUMP will try to read beyond
the end of the packet capture buffer and crash.

The vendor was notified and they have released an updated version
of TCPDUMP, version 3.8.2, which fixes these defects. Subsequently,
the version number was bumped to 3.8.3 to match libpcap.

See the URL for more info.

Reproducible: Always
Steps to Reproduce:
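The flaw class described above (attacker-controlled length fields driving reads past the end of the capture buffer) as an added illustration that is not tcpdump's code and not part of this bug: a bounds-checked walk over the ISAKMP payload chain that refuses to read past caplen and rejects length fields that would loop or over-read. The header and generic payload layout follow RFC 2408; the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 2408 layout: 28-byte fixed header (Next Payload at offset 16, Length at
 * 24..27), then a chain of payloads, each with a 4-byte generic header:
 * next_payload(1), reserved(1), length(2, big-endian, header included). */
#define ISAKMP_HDR_LEN 28
#define ISAKMP_GEN_HDR_LEN 4
/* Count the payloads of a captured ISAKMP datagram, bounding every read by
 * caplen (bytes actually captured; a snaplen can make that shorter than the
 * datagram). Length fields are attacker-controlled, so they are checked, not
 * trusted. Returns the count, or -1 on truncation or an inconsistent length. */
int isakmp_count_payloads(const uint8_t *buf, size_t caplen) {
    if (caplen < ISAKMP_HDR_LEN) return -1;           /* truncated fixed header */
    const uint8_t *p = buf + ISAKMP_HDR_LEN;
    const uint8_t *end = buf + caplen;
    uint8_t next = buf[16];
    int count = 0;
    while (next != 0) {                                /* 0 = no next payload */
        if ((size_t)(end - p) < ISAKMP_GEN_HDR_LEN) return -1;
        uint16_t plen = (uint16_t)((p[2] << 8) | p[3]);
        /* plen < 4 would stop p advancing (endless loop); plen past the captured
         * bytes is exactly the over-read this bug describes. */
        if (plen < ISAKMP_GEN_HDR_LEN || (size_t)(end - p) < plen) return -1;
        next = p[0];
        p += plen;
        count++;
    }
    return count;
}
/* Constructed sample, not a real capture: header announcing an SA payload,
 * then an SA payload (12 bytes) chaining to a Nonce payload (8 bytes). */
static const uint8_t sample_msg[] = {
    1, 2, 3, 4, 5, 6, 7, 8,  0, 0, 0, 0, 0, 0, 0, 0,     /* cookies */
    0x01, 0x10, 0x02, 0x00,  0, 0, 0, 0,  0, 0, 0, 0x30, /* next=SA(1) ... len=48 */
    0x0a, 0x00, 0x00, 0x0c,  0, 0, 0, 0, 0, 0, 0, 0,     /* SA: next=Nonce(10), len 12 */
    0x00, 0x00, 0x00, 0x08,  0, 0, 0, 0,                 /* Nonce: next=none, len 8 */
};

int example_complete(void)  { return isakmp_count_payloads(sample_msg, sizeof sample_msg); }
/* Capture cut 4 bytes short: the Nonce payload claims 8 bytes, only 4 remain. */
int example_truncated(void) { return isakmp_count_payloads(sample_msg, sizeof sample_msg - 4); }
/* A payload whose length field is smaller than its own 4-byte header. */
int example_bad_length(void) {
    uint8_t m[sizeof sample_msg];
    memcpy(m, sample_msg, sizeof m);
    m[ISAKMP_HDR_LEN + 3] = 0x02;
    return isakmp_count_payloads(m, sizeof m);
}
```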

------- Comment #1 From solar 2004-03-30 12:02:30 0000 -------
Tobias,

Feel free to start including your recommended tip for resolution on bugs you
report. Also, I know it may seem redundant, but could you include the URL in the
body of the report? Reason: any reporter/commenter can pretty much overwrite
the URL field here. http://www.rapid7.com/advisories/R7-0017.html
-thanks.

---------------------------
bumped portage to tcpdump-3.8.3
KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~ia64 ~amd64"

Current stable tcpdump keywords for arches look like:
tcpdump-3.7.2.ebuild:KEYWORDS="x86 ppc sparc alpha mips hppa ia64"
tcpdump-3.8.1.ebuild:KEYWORDS="~x86 ppc sparc alpha ~mips hppa ia64 amd64"

Arch maintainers please test and mark stable when ready.

------- Comment #2 From Jason Wever (RETIRED) 2004-03-30 12:21:29 0000 -------
Are we going to be updating libpcap as well (as recommended in the advisory) or
just tcpdump?

------- Comment #3 From solar 2004-03-30 13:06:47 0000 -------
libpcap-0.8.3 just added to the portage tree as 
KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~amd64 ~ia64"

------- Comment #4 From solar 2004-03-30 13:20:03 0000 -------
The depends on the tcpdump could use some love.
First arch testing please try current pcap.

------- Comment #5 From Jason Wever (RETIRED) 2004-03-30 13:29:40 0000 -------
Seems to do the trick for me here with both old and new libpcap. Marked both
libpcap and tcpdump stable on sparc.

------- Comment #6 From solar 2004-03-30 13:31:31 0000 -------
mboman, others..

Do you know why libpcap.ebuild installs pcap to /usr/lib/libpcap.so.0.6 ?
Oversight or is this pkg supposed to have some funky magic going like 
openssl? Should it not be /usr/lib/libpcap.so.0.8 ?

------- Comment #7 From Joshua J. Berry (CondorDes) (RETIRED) 2004-03-30 23:06:19 0000 -------
AFAICT, this is a dup of bug 38206.

------- Comment #8 From Jason Huebel (RETIRED) 2004-03-31 11:19:40 0000 -------
stable on amd64

------- Comment #9 From Kurt Lieber 2004-03-31 11:56:37 0000 -------
sparc, ppc, x86: plztest

------- Comment #10 From Gustavo Zacarias (RETIRED) 2004-03-31 11:59:52 0000 -------
It's already stable on sparc...

------- Comment #11 From solar 2004-03-31 12:45:36 0000 -------
The QA going on here has me worried. You guys are marking stable without
paying attention at all to comment #6 in regards to both libpcap which
is now KEYWORDS="~x86 ~ppc sparc ~alpha ~mips ~hppa amd64 ~ia64" and the
depends for tcpdump-3.8.3

------- Comment #12 From Jason Wever (RETIRED) 2004-03-31 12:49:43 0000 -------
Comment #6 didn't exist when I stabilized it.  If it's causing known breaks in
programs I'm willing to downgrade it.

------- Comment #13 From solar 2004-03-31 13:20:16 0000 -------
Also comment #4

Here is precisely what I think needs to happen for tcpdump.

-DEPEND=">=net-libs/libpcap-0.6.1
-	ssl? ( >=dev-libs/openssl-0.6.9 )"
+DEPEND=">=net-libs/libpcap-0.8.3
+	ssl? ( >=dev-libs/openssl-0.9.6m )"
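Review bot: besides raising the libpcap floor to 0.8.3 for the soname fix, this hunk also moves the openssl lower bound from 0.6.9 to 0.9.6m; the old value reads like a transposed 0.9.6, so the ChangeLog entry should say the openssl bound is being corrected, not merely bumped. A DEPEND change alone does not reach users who already have tcpdump-3.8.3 merged, which is why the -r1 revision bump raised in comment #14 is needed for it to take effect.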

------------------------------------------------------------------------
And for libpcap
-	gcc -Wl,-soname,libpcap.so.0 -shared -fPIC -o libpcap.so.0.6 *.o
+	gcc -Wl,-soname,libpcap.so.0 -shared -fPIC -o libpcap.so.${PV:0:3} *.o
 	assert "couldn't make a shared lib"
 }
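Review bot: `${PV:0:3}` takes the first three characters of the version string, which gives 0.8 for 0.8.3 but would silently produce 0.1 for a future 0.10.x; `${PV%.*}`, which strips the last dotted component, states the intent (major.minor) directly and handles both. The `-soname,libpcap.so.0` is unchanged, which is correct as long as the libpcap.so.0 symlink in src_install keeps pointing at the real file.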
 
@@ -31,9 +31,9 @@ src_install() {
 	einstall || die
 
 	insopts -m 755
-	insinto /usr/lib ; doins libpcap.so.0.6
-	dosym /usr/lib/libpcap.so.0.6 /usr/lib/libpcap.so.0
-	dosym /usr/lib/libpcap.so.0.6 /usr/lib/libpcap.so
+	insinto /usr/lib ; doins libpcap.so.${PV:0:3}
+	dosym /usr/lib/libpcap.so.${PV:0:3} /usr/lib/libpcap.so.0
+	dosym /usr/lib/libpcap.so.${PV:0:3} /usr/lib/libpcap.so
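Review bot: the three install lines each repeat `libpcap.so.${PV:0:3}`, and the same expression appears on the link line in src_compile; setting `local solib=libpcap.so.${PV:0:3}` once and using `doins ${solib}` / `dosym /usr/lib/${solib} /usr/lib/libpcap.so.0` keeps all of them in step if the version expression is ever changed. Retargeting the libpcap.so.0 symlink is what actually resolves the libpcap.so.0.6 versus 0.8 mismatch raised in comment #6, so that is worth stating in the commit message.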

------------------------------------------------------------------------
On my local box I have made these changes then
emerge -C libpcap tcpdump
emerge tcpdump

I can merge these changes if a second developer says that these changes 
look like the ideal solution.

------- Comment #14 From Jason Wever (RETIRED) 2004-03-31 14:08:01 0000 -------
The changes work for me and look good.  If we want to make sure users are using
them though, we may have to -r1 each of them since they are live for all ~arch
users.

------- Comment #15 From solar 2004-03-31 22:00:45 0000 -------
updated both packages in portage to -r1 and added generic metadata.xml to
tcpdump

------- Comment #16 From Andy Dustman 2004-04-01 09:19:16 0000 -------
See bug #37184 comment #14. -finline-functions needs to be filtered from CFLAGS
for the same reasons as -O3; -O3 implies -finline-functions, and it is the real
cause of the build problems. Here's the patch I came up with for 3.8.1:

--- tcpdump-3.8.1.ebuild        2004-01-15 09:37:48.000000000 -0500
+++ tcpdump-3.8.1-r1.ebuild     2004-02-11 09:26:35.146081000 -0500
@@ -22,6 +22,7 @@

 src_compile() {
        replace-flags -O[3-9] -O2
+       filter-flags -finline-functions

        econf `use_with ssl crypto` `use_enable ipv6` || die
        make CCOPT="$CFLAGS" || die
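Review bot: `filter-flags`, like the `replace-flags` already on the preceding line, comes from flag-o-matic, so the ebuild must already inherit it and no new inherit is needed; confirm that before applying. The headers show the patch was made against tcpdump-3.8.1, while the tree now carries tcpdump-3.8.3-r1, so the one-line addition has to be carried into that ebuild rather than applied to 3.8.1. The commit message should cite bug #37184 comment #14 as the reason -finline-functions is filtered on its own rather than only via the -O3 replacement.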

------- Comment #17 From solar 2004-04-03 03:49:36 0000 -------
Added filter-flags -finline-functions and moved to stable on x86

Current status on tcpdump is as follows.

libpcap-0.8.3-r1:
KEYWORDS="x86 ppc ~sparc ~alpha ~mips ~hppa ~amd64 ~ia64"

tcpdump-3.8.3-r1:
KEYWORDS="x86 ppc ~sparc ~alpha ~mips ~hppa ~ia64 ~amd64"

sparc & amd64 have the previous revision of both marked stable.
This basically covers core arches now.

------- Comment #18 From Joshua J. Berry (CondorDes) (RETIRED) 2004-04-04 12:24:30 0000 -------
Is this ready for a GLSA then?

I drafted one for bug 38206, which seems like it should apply to both of these.

------- Comment #19 From solar 2004-04-04 14:41:32 0000 -------
CondorDes,

Yeah.. It's good to go.
Unless amd64 and sparc mark -r1 stable before you send it out,
we just need to be sure to note the following versions.
>=libpcap-0.8.3
>=tcpdump-3.8.3

------- Comment #20 From Jason Wever (RETIRED) 2004-04-04 15:20:35 0000 -------
sparc is stable with the -r1s for tcpdump and libpcap

------- Comment #21 From Jon Portnoy (RETIRED) 2004-04-04 15:33:37 0000 -------
I just marked both -r1s stable on amd64.

------- Comment #22 From solar 2004-04-04 16:08:12 0000 -------
Thanks.

For the GLSA you can now use.
>=libpcap-0.8.3-r1
>=tcpdump-3.8.3-r1

------- Comment #23 From Aron Griffis (RETIRED) 2004-04-04 20:15:39 0000 -------
These are marked stable on alpha and ia64 now

------- Comment #24 From Joshua J. Berry (CondorDes) (RETIRED) 2004-04-04 23:36:45 0000 -------
Can two people from security@ please review
https://dev.gentoo.org/glsamaker/frame-view.php?id=aaa20be62fe13261d2cab134e4d3d52f
?

(And can someone who has access please change the unaffected versions listed in
the GLSA to the -r1s that were just added?)

Thanks.

------- Comment #25 From SpanKY 2004-04-05 00:11:14 0000 -------
hppa & ppc should be set now

------- Comment #26 From SpanKY 2004-04-05 00:24:13 0000 -------
and mips should be set now

------- Comment #27 From Andrea Barisani (RETIRED) 2004-04-05 00:55:49 0000 -------
The GLSA looks fine to me, there is only a typo: 'responsbile' 

------- Comment #28 From Kurt Lieber 2004-04-05 01:12:20 0000 -------
Fixed the typo Andrea found, changed versions to -r1, added space between
'emerge sync' and the rest of the <code> section to be consistent with earlier
GLSAs.

Also, I upgraded the severity from normal to high since this vuln. allows for
remote execution of arbitrary code, albeit not as root.

------- Comment #29 From Joshua J. Berry (CondorDes) (RETIRED) 2004-04-05 09:16:47 0000 -------
klieber -- Can you add the '-r1's to the code in the resolution as well?

...and then is this ready to send?

------- Comment #30 From Kurt Lieber 2004-04-05 09:20:47 0000 -------
Done, and I moved it to 200404-02. It can't go out until 01 goes out (or I need
to swap numbers with 01).

--kurt

------- Comment #31 From Joshua J. Berry (CondorDes) (RETIRED) 2004-04-06 00:22:51 0000 -------
*** Bug 38206 has been marked as a duplicate of this bug. ***

------- Comment #32 From Joshua J. Berry (CondorDes) (RETIRED) 2004-04-06 13:21:17 0000 -------
GLSA 200404-03.
