
Bug 125491

Summary: net-analyzer/tcpick: denial of service (CVE-2006-0048)
Product: Gentoo Security
Reporter: Tavis Ormandy (RETIRED) <taviso>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: enhancement
CC: dragonheart, phreak, treecleaner
Priority: High
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [ebuild+ masked] PENDING REMOVAL Dec 04th 2006
Package list:
Runtime testing required: ---
Attachments: pcap demo (flags: none)

Description Tavis Ormandy (RETIRED) gentoo-dev 2006-03-08 08:40:42 UTC
Andrea Barisani reports a denial of service in tcpick:

 (gdb) run -a -Y -yP -n -i eth0 "not port 22"
 Starting program: ./tcpick-0.2.1/src/tcpick -a -yP -n -i eth0 "not port 22"
 Starting tcpick 0.2.1 at 2006-03-08 16:27 CET
 ...
 Program received signal SIGSEGV, Segmentation fault.
 out_p (out=0xb7f8d5e0, buf=0x808b000 <Address 0x808b000 out of bounds>, buflen=-133301) at display.c:216
 216                     if( ( isascii( CHAR ) && !iscntrl( CHAR ) ) || 
 (gdb) bt
 #0  out_p (out=0xb7f8d5e0, buf=0x808b000 <Address 0x808b000 out of bounds>, buflen=-133301) at display.c:216
 #1  0x0804aa26 in got_packet (useless=0x0, hdr=0xbf9a6e60, packet=0x806a722 "") at loop.c:119
 #2  0x0804c245 in pcap_read_linux ()
 #3  0x0804d337 in pcap_loop ()
 #4  0x0804b09f in main (argc=7, argv=0xbf9a6fe4) at tcpick.c:264
 (gdb)
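As an added illustration (not tcpick's code, which is not on this page), a minimal C version of the length computation behind the backtrace above: a header field claiming a payload offset larger than the captured length turns `caplen - offset` negative when held in an `int`, while the checked version rejects the frame before the display loop walks it. The two-byte header layout, the sample frames and the function names are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed frame layout for this example (not tcpick's): byte 0 is a type,
 * byte 1 claims the offset of the payload within the captured bytes. */
#define HDR_LEN 2

/* Failure mode behind the backtrace: a length derived from header fields and
 * held in an int goes negative when the claimed offset exceeds caplen. */
int payload_len_unchecked(const unsigned char *pkt, size_t caplen)
{
    return (int)caplen - (int)pkt[1];   /* negative when pkt[1] > caplen */
}

/* Hardened version: validate the offset against the captured length before
 * computing buflen, so the display loop only walks bytes inside the capture.
 * Returns the number of printable payload bytes, or -1 for a bad frame. */
int printable_payload_bytes(const unsigned char *pkt, size_t caplen)
{
    if (caplen < HDR_LEN)
        return -1;                      /* too short to hold the header */
    size_t off = pkt[1];
    if (off > caplen)
        return -1;                      /* the check that was missing */
    size_t buflen = caplen - off;       /* size_t, cannot go negative */
    int printable = 0;
    for (size_t i = 0; i < buflen; i++) {
        unsigned char c = pkt[off + i];
        /* same test as display.c:216, with isascii() written out as c < 0x80 */
        if (c < 0x80 && !iscntrl(c))
            printable++;
    }
    return printable;
}

int main(void)
{
    /* Constructed frames: a well-formed one, and one claiming offset 64 in a 2-byte capture. */
    const unsigned char good[] = { 0x01, 0x02, 'h', 'i', 0x01, '!' };
    const unsigned char bad[]  = { 0x01, 0x40 };
    printf("good: unchecked len=%d, printable=%d\n",
           payload_len_unchecked(good, sizeof good),
           printable_payload_bytes(good, sizeof good));
    printf("bad:  unchecked len=%d, printable=%d\n",
           payload_len_unchecked(bad, sizeof bad),
           printable_payload_bytes(bad, sizeof bad));
    return 0;
}
```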
Comment 1 Tavis Ormandy (RETIRED) gentoo-dev 2006-03-08 08:41:09 UTC
Created attachment 81691 [details]
pcap demo
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-03-08 09:00:45 UTC
adding dragonheart, a recent bumper
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-03-09 10:16:29 UTC
This is CVE-2006-0048
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-03-12 03:45:15 UTC
Upstream email doesn't work, sending to their public ML will open this bug...
Comment 5 Andrea Barisani (RETIRED) gentoo-dev 2006-03-20 01:51:42 UTC
This is now public (just posted to tcpick-project ml).
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-04-09 09:22:15 UTC
Anyone feel like designing a patch for this, or should we just mask it?
Comment 7 Tavis Ormandy (RETIRED) gentoo-dev 2006-04-21 07:21:23 UTC
Masked, let's have a maskglsa vote.
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2006-04-21 08:36:39 UTC
No mask GLSA for a B3, that's policy.
Keeping an enhancement to remember to get rid of it sometime.
Comment 9 Daniel Black (RETIRED) gentoo-dev 2006-07-15 20:12:25 UTC
Treecleaners: can you add this to your list of removals, please?
Comment 10 Alec Warner (RETIRED) archtester gentoo-dev Security 2006-07-16 15:28:34 UTC
Pmasked
Comment 11 Jakub Moc (RETIRED) gentoo-dev 2006-12-16 19:53:50 UTC
# Christian Heim <phreak@gentoo.org> (04 Nov 2006)
# masking the following packages for treecleaners and bugs
# Pending removal Dec 04th 2006:
# #117662 - media-libs/janus
# #125491 - net-analyzer/tcpick
media-libs/janus
net-analyzer/tcpick

@phreak - about time to die for this package...
Comment 12 Christian Heim (RETIRED) gentoo-dev 2007-01-06 21:18:27 UTC
(In reply to comment #11)
> net-analyzer/tcpick

Just got punted.