Bug 1047873 (CVE-2017-11108)

Summary: VUL-0: CVE-2017-11108: tcpdump: Crafted input allows for remote denial of service
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/188209/
Whiteboard: CVSSv2:SUSE:CVE-2017-11108:7.1:(AV:N/AC:M/Au:N/C:N/I:N/A:C) CVSSv3:SUSE:CVE-2017-11108:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments:
  Reproducer
  Patch for SLE-11 and 12.

Description Johannes Segitz 2017-07-10 06:40:56 UTC
Created attachment 731699
Reproducer

rh#1468504

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via crafted packet data. The crash
occurs in the EXTRACT_16BITS function, called from the stp_print function for
the Spanning Tree Protocol.

valgrind tcpdump -ntr POC2

Tested on SLE 11 and 12

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1468504
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11108
http://www.cvedetails.com/cve/CVE-2017-11108/

Comment 1 Pedro Monreal Gonzalez 2017-07-25 10:14:30 UTC
Fixed upstream in version 4.9.1. See https://github.com/the-tcpdump-group/tcpdump/issues/616

Comment 2 Pedro Monreal Gonzalez 2017-07-25 13:28:09 UTC
Created attachment 733734
Patch for SLE-11 and 12.

Patch tested in SLE-12. Packages sent:

SUSE:SLE-12:Update     4.9.0    tcpdump-4.9.0-CVE-2017-11108.patch      sr#136368
SUSE:SLE-11:Update     3.9.8    tcpdump-3.9.8-CVE-2017-11108.patch      sr#136369
SUSE:SLE-10-SP3:Update 3.9.4    Not affected

Factory                4.9.0    tcpdump-4.9.0-CVE-2017-11108.patch      sr#512513
Leap:42.2:Update       Comes from SLE-12:Update
Leap:42.1:Update       Comes from SLE-12:Update

Comment 7 Swamp Workflow Management 2017-10-10 13:11:24 UTC
SUSE-SU-2017:2690-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-13011
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    tcpdump-3.9.8-1.30.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tcpdump-3.9.8-1.30.5.1

Comment 8 Swamp Workflow Management 2017-10-26 13:08:40 UTC
SUSE-SU-2017:2854-1: An update that fixes 90 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-12893,CVE-2017-12894,CVE-2017-12895,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-12988,CVE-2017-12989,CVE-2017-12990,CVE-2017-12991,CVE-2017-12992,CVE-2017-12993,CVE-2017-12994,CVE-2017-12995,CVE-2017-12996,CVE-2017-12997,CVE-2017-12998,CVE-2017-12999,CVE-2017-13000,CVE-2017-13001,CVE-2017-13002,CVE-2017-13003,CVE-2017-13004,CVE-2017-13005,CVE-2017-13006,CVE-2017-13007,CVE-2017-13008,CVE-2017-13009,CVE-2017-13010,CVE-2017-13011,CVE-2017-13012,CVE-2017-13013,CVE-2017-13014,CVE-2017-13015,CVE-2017-13016,CVE-2017-13017,CVE-2017-13018,CVE-2017-13019,CVE-2017-13020,CVE-2017-13021,CVE-2017-13022,CVE-2017-13023,CVE-2017-13024,CVE-2017-13025,CVE-2017-13026,CVE-2017-13027,CVE-2017-13028,CVE-2017-13029,CVE-2017-13030,CVE-2017-13031,CVE-2017-13032,CVE-2017-13033,CVE-2017-13034,CVE-2017-13035,CVE-2017-13036,CVE-2017-13037,CVE-2017-13038,CVE-2017-13039,CVE-2017-13040,CVE-2017-13041,CVE-2017-13042,CVE-2017-13043,CVE-2017-13044,CVE-2017-13045,CVE-2017-13046,CVE-2017-13047,CVE-2017-13048,CVE-2017-13049,CVE-2017-13050,CVE-2017-13051,CVE-2017-13052,CVE-2017-13053,CVE-2017-13054,CVE-2017-13055,CVE-2017-13687,CVE-2017-13688,CVE-2017-13689,CVE-2017-13690,CVE-2017-13725
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Server 12-SP3 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Server 12-SP2 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tcpdump-4.9.2-14.5.1

Comment 9 Swamp Workflow Management 2017-10-27 22:08:56 UTC
openSUSE-SU-2017:2875-1: An update that fixes 90 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-12893,CVE-2017-12894,CVE-2017-12895,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-12988,CVE-2017-12989,CVE-2017-12990,CVE-2017-12991,CVE-2017-12992,CVE-2017-12993,CVE-2017-12994,CVE-2017-12995,CVE-2017-12996,CVE-2017-12997,CVE-2017-12998,CVE-2017-12999,CVE-2017-13000,CVE-2017-13001,CVE-2017-13002,CVE-2017-13003,CVE-2017-13004,CVE-2017-13005,CVE-2017-13006,CVE-2017-13007,CVE-2017-13008,CVE-2017-13009,CVE-2017-13010,CVE-2017-13011,CVE-2017-13012,CVE-2017-13013,CVE-2017-13014,CVE-2017-13015,CVE-2017-13016,CVE-2017-13017,CVE-2017-13018,CVE-2017-13019,CVE-2017-13020,CVE-2017-13021,CVE-2017-13022,CVE-2017-13023,CVE-2017-13024,CVE-2017-13025,CVE-2017-13026,CVE-2017-13027,CVE-2017-13028,CVE-2017-13029,CVE-2017-13030,CVE-2017-13031,CVE-2017-13032,CVE-2017-13033,CVE-2017-13034,CVE-2017-13035,CVE-2017-13036,CVE-2017-13037,CVE-2017-13038,CVE-2017-13039,CVE-2017-13040,CVE-2017-13041,CVE-2017-13042,CVE-2017-13043,CVE-2017-13044,CVE-2017-13045,CVE-2017-13046,CVE-2017-13047,CVE-2017-13048,CVE-2017-13049,CVE-2017-13050,CVE-2017-13051,CVE-2017-13052,CVE-2017-13053,CVE-2017-13054,CVE-2017-13055,CVE-2017-13687,CVE-2017-13688,CVE-2017-13689,CVE-2017-13690,CVE-2017-13725
Sources used:
openSUSE Leap 42.3 (src):    tcpdump-4.9.2-9.1
openSUSE Leap 42.2 (src):    tcpdump-4.9.2-6.6.1

Comment 10 Marcus Meissner 2018-08-29 13:46:53 UTC
released