Bug 176558 - net-misc/rarpd Denial of Service
Summary: net-misc/rarpd Denial of Service
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25061/
Whiteboard: B3 [noglsa] p-y
Reported: 2007-04-30 12:02 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-05-20 11:55 UTC

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-30 12:02:54 UTC
A vulnerability has been reported in iputils, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within rarpd when handling certain packets. This can be exploited to stop the rarpd from responding by sending specially crafted replies.

Solution:
Use in trusted network environments only.

Provided and/or discovered by:
Reported in a SUSE advisory.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-30 12:07:54 UTC
cc'ing herd and setting status (It's upstream, but it seems Suse has already fixed it:
http://lists.suse.com/archive/suse-security-announce/2007-Apr/0007.html )
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-30 12:37:06 UTC
According to SUSE changelog:

- ipsec-tools remote denial of service 
 
  A bug in the IKE daemon "racoon" allowed remote attackers to shut 
  down established tunnels (CVE-2007-1841). 

Somehow Secunia missed the CVE reference.

*** This bug has been marked as a duplicate of bug 173219 ***
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-30 14:05:31 UTC
jaervosz: wrt this is not about the "ipsec-tools remote DoS" but the "rarpd minor DoS". Given that rarpd is part of iputils, this issue still stands I think.
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-30 14:14:21 UTC
Oh, it was further down in the Changelog. I mixed up iputils and ipsec-tools somehow. Thanks for pointing this out Pierre.

base-system please advise and bump as necessary.
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2007-04-30 14:23:11 UTC
Suse has already patched this.
Comment 6 SpanKY gentoo-dev 2007-05-05 05:35:38 UTC
the rarpd in iputils is fine ... the suse report is talking about net-misc/rarpd
Comment 7 SpanKY gentoo-dev 2007-05-05 05:50:02 UTC
i'm not sure we're affected ... the code in question is based on changes that suse wrote when updating from libnet-1.0 to libnet-1.1 ...

either way, rarpd-1.1-r3 in portage with all of SuSE's fixes
Comment 8 SpanKY gentoo-dev 2007-05-05 05:50:17 UTC
oops, didn't mean to close
Comment 9 Sune Kloppenborg Jeppesen gentoo-dev 2007-05-05 06:34:58 UTC
Thx for the clarification Vapier.

If someone has the time, I have a PoC to test whether we're affected before calling arches, just poke me.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-05-08 21:10:08 UTC
(In reply to comment #9)
> Thx for the clarification Vapier.
> 
> If someone has the time, I have a PoC to test whether we're affected before
> calling arches, just poke me.
> 

I fail to perform any interesting thing with this PoC and rarpd-1.1-r2. The rarpd daemon memory doesn't grow at all, and it goes on responding (whether the targeted ether address is in /etc/ethers or not).

I added an adequate entry in /etc/ethers, then I ran rarpd -v, and:

while ((1)); do ./a.out; done

all it is doing is flooding my syslog.

x86, libnet-1.0.2a-r3, libpcap-0.9.5
Comment 11 Sune Kloppenborg Jeppesen gentoo-dev 2007-05-19 22:59:48 UTC
Since we can't reproduce I call a vote and vote NO GLSA.
Comment 12 Matt Drew (RETIRED) gentoo-dev 2007-05-20 11:50:49 UTC
/vote no, can't reproduce (and rarpd is pretty rare in actual use as it is).
Comment 13 Sune Kloppenborg Jeppesen gentoo-dev 2007-05-20 11:55:38 UTC
Fixing severity level.

Two NO votes -> Closing with NO GLSA. Feel free to reopen if you disagree.