
Bug 753146 (CVE-2020-8036, CVE-2020-8037)

Summary: <net-analyzer/tcpdump-4.9.3-r4: Denial of service via PPP dissector (CVE-2020-8037)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sam, zlogene
Priority: Normal
Keywords: CC-ARCHES
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
net-analyzer/tcpdump-4.9.3-r4
Runtime testing required: ---

Description Sam James archtester gentoo-dev Security 2020-11-04 20:03:33 UTC
* CVE-2020-8036

Description:
"The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way."

https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43

* CVE-2020-8037

Description:
"The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory."

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
Comment 1 Larry the Git Cow gentoo-dev 2020-11-07 01:44:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ffa42e571f5f14a5a3400a8993a4b7745a852ef

commit 5ffa42e571f5f14a5a3400a8993a4b7745a852ef
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-11-07 01:44:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-07 01:44:47 +0000

    net-analyzer/tcpdump: patch CVE-2020-8037
    
    Note that CVE-2020-8036 is already fixed in the version
    of 4.10.x packaged in Gentoo and 4.9.x is unaffected
    (the relevant functionality simply did not exist).
    
    Bug: https://bugs.gentoo.org/753146
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/tcpdump-4.9.3-CVE-2020-8037.patch        | 63 ++++++++++++++++
 net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild  | 22 ++----
 net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild       | 86 ++++++++++++++++++++++
 3 files changed, 157 insertions(+), 14 deletions(-)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-11-07 20:43:42 UTC
hppa/sparc stable
Comment 3 Sam James archtester gentoo-dev Security 2020-11-08 00:25:06 UTC
arm64 done
Comment 4 Sam James archtester gentoo-dev Security 2020-11-08 00:27:14 UTC
arm done
Comment 5 Sam James archtester gentoo-dev Security 2020-11-08 00:28:30 UTC
amd64 done
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-11-08 13:23:13 UTC
No glsa this time.