Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 753146 (CVE-2020-8036, CVE-2020-8037) - <net-analyzer/tcpdump-4.9.3-r4: Denial of service via PPP dissector (CVE-2020-8037)
Summary: <net-analyzer/tcpdump-4.9.3-r4: Denial of service via PPP dissector (CVE-2020...
Status: RESOLVED FIXED
Alias: CVE-2020-8036, CVE-2020-8037
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords: CC-ARCHES
Depends on:
Blocks:
 
Reported: 2020-11-04 20:03 UTC by Sam James
Modified: 2020-11-08 13:23 UTC (History)
2 users (show)

See Also:
Package list:
net-analyzer/tcpdump-4.9.3-r4
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-04 20:03:33 UTC 
* CVE-2020-8036

Description:
"The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way."

https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43

* CVE-2020-8037

Description:
"The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory."

https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
Comment 1 Larry the Git Cow gentoo-dev 2020-11-07 01:44:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ffa42e571f5f14a5a3400a8993a4b7745a852ef

commit 5ffa42e571f5f14a5a3400a8993a4b7745a852ef
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-11-07 01:44:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-11-07 01:44:47 +0000

    net-analyzer/tcpdump: patch CVE-2020-8037
    
    Note that CVE-2020-8036 is already fixed in the version
    of 4.10.x packaged in Gentoo and 4.9.x is unaffected
    (the relevant functionality simply did not exist).
    
    Bug: https://bugs.gentoo.org/753146
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/tcpdump-4.9.3-CVE-2020-8037.patch        | 63 ++++++++++++++++
 net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild  | 22 ++----
 net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild       | 86 ++++++++++++++++++++++
 3 files changed, 157 insertions(+), 14 deletions(-)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-11-07 20:43:42 UTC 
hppa/sparc stable
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-08 00:25:06 UTC 
arm64 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-08 00:27:14 UTC 
arm done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-08 00:28:30 UTC 
amd64 done
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-11-08 13:23:13 UTC 
No glsa this time.