Bug 1047873 - (CVE-2017-11108) VUL-0: CVE-2017-11108: tcpdump: Crafted input allows for remote denial of service
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/188209/
CVSSv2:SUSE:CVE-2017-11108:7.1:(AV:N...
Reported: 2017-07-10 06:40 UTC by Johannes Segitz
Modified: 2020-06-10 07:58 UTC
Found By: Security Response Team
Attachments
Reproducer (2.88 KB, application/octet-stream)
2017-07-10 06:40 UTC, Johannes Segitz
Patch for SLE-11 and 12. (796 bytes, application/gzip)
2017-07-25 13:28 UTC, Pedro Monreal Gonzalez

Description Johannes Segitz 2017-07-10 06:40:56 UTC
Created attachment 731699 [details]
Reproducer

rh#1468504

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) via crafted packet data. The crash
occurs in the EXTRACT_16BITS function, called from the stp_print function for
the Spanning Tree Protocol.

valgrind tcpdump -ntr POC2

Tested on SLE 11 and 12

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1468504
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11108
http://www.cvedetails.com/cve/CVE-2017-11108/
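
The bug class described in this report, as an added example (not tcpdump's code and not the SUSE or upstream patch): an unchecked 16-bit big-endian read next to a variant that checks the captured length first, applied to the four 16-bit timer fields of an 802.1D configuration BPDU. The function names, the choice of fields and the sample frame are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked big-endian read in the style of an EXTRACT_16BITS macro: the
 * caller must already know that p[0] and p[1] lie inside the captured data. */
static uint16_t be16_unchecked(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Checked read: fails instead of touching bytes beyond caplen. */
static int be16_checked(const uint8_t *buf, size_t caplen, size_t off,
                        uint16_t *out) {
    if (off > caplen || caplen - off < 2)
        return -1;
    *out = be16_unchecked(buf + off);
    return 0;
}

/* Offsets of the 16-bit timer fields in an 802.1D configuration BPDU. */
enum { OFF_MSG_AGE = 27, OFF_MAX_AGE = 29, OFF_HELLO = 31, OFF_FWD_DELAY = 33 };

struct stp_timers { uint16_t msg_age, max_age, hello, fwd_delay; };

/* Hypothetical helper: returns 0 on success, -1 if the capture ends before
 * any of the four fields is fully present. */
int parse_stp_timers(const uint8_t *buf, size_t caplen, struct stp_timers *t) {
    if (be16_checked(buf, caplen, OFF_MSG_AGE, &t->msg_age) ||
        be16_checked(buf, caplen, OFF_MAX_AGE, &t->max_age) ||
        be16_checked(buf, caplen, OFF_HELLO, &t->hello) ||
        be16_checked(buf, caplen, OFF_FWD_DELAY, &t->fwd_delay))
        return -1;
    return 0;
}

/* Constructed sample: 35-byte configuration BPDU, timers in 1/256 s units
 * (message age 1 s, max age 20 s, hello 2 s, forward delay 15 s). */
static const uint8_t sample_bpdu[35] = {
    [27] = 0x01, 0x00, 0x14, 0x00, 0x02, 0x00, 0x0f, 0x00
};

int main(void) {
    struct stp_timers t;
    printf("full frame:      %d\n", parse_stp_timers(sample_bpdu, 35, &t));
    /* Same bytes, but only 30 were captured: the parser must stop early. */
    printf("truncated frame: %d\n", parse_stp_timers(sample_bpdu, 30, &t));
    return 0;
}
```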
Comment 1 Pedro Monreal Gonzalez 2017-07-25 10:14:30 UTC
Fixed upstream in version 4.9.1. See https://github.com/the-tcpdump-group/tcpdump/issues/616
Comment 2 Pedro Monreal Gonzalez 2017-07-25 13:28:09 UTC
Created attachment 733734 [details]
Patch for SLE-11 and 12.

Patch tested in SLE-12. Packages sent:

SUSE:SLE-12:Update     4.9.0    tcpdump-4.9.0-CVE-2017-11108.patch      sr#136368
SUSE:SLE-11:Update     3.9.8    tcpdump-3.9.8-CVE-2017-11108.patch      sr#136369
SUSE:SLE-10-SP3:Update 3.9.4    Not affected

Factory                4.9.0    tcpdump-4.9.0-CVE-2017-11108.patch      sr#512513
Leap:42.2:Update       Comes from SLE-12:Update
Leap:42.1:Update       Comes from SLE-12:Update
Comment 7 Swamp Workflow Management 2017-10-10 13:11:24 UTC
SUSE-SU-2017:2690-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-13011
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    tcpdump-3.9.8-1.30.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tcpdump-3.9.8-1.30.5.1
Comment 8 Swamp Workflow Management 2017-10-26 13:08:40 UTC
SUSE-SU-2017:2854-1: An update that fixes 90 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-12893,CVE-2017-12894,CVE-2017-12895,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-12988,CVE-2017-12989,CVE-2017-12990,CVE-2017-12991,CVE-2017-12992,CVE-2017-12993,CVE-2017-12994,CVE-2017-12995,CVE-2017-12996,CVE-2017-12997,CVE-2017-12998,CVE-2017-12999,CVE-2017-13000,CVE-2017-13001,CVE-2017-13002,CVE-2017-13003,CVE-2017-13004,CVE-2017-13005,CVE-2017-13006,CVE-2017-13007,CVE-2017-13008,CVE-2017-13009,CVE-2017-13010,CVE-2017-13011,CVE-2017-13012,CVE-2017-13013,CVE-2017-13014,CVE-2017-13015,CVE-2017-13016,CVE-2017-13017,CVE-2017-13018,CVE-2017-13019,CVE-2017-13020,CVE-2017-13021,CVE-2017-13022,CVE-2017-13023,CVE-2017-13024,CVE-2017-13025,CVE-2017-13026,CVE-2017-13027,CVE-2017-13028,CVE-2017-13029,CVE-2017-13030,CVE-2017-13031,CVE-2017-13032,CVE-2017-13033,CVE-2017-13034,CVE-2017-13035,CVE-2017-13036,CVE-2017-13037,CVE-2017-13038,CVE-2017-13039,CVE-2017-13040,CVE-2017-13041,CVE-2017-13042,CVE-2017-13043,CVE-2017-13044,CVE-2017-13045,CVE-2017-13046,CVE-2017-13047,CVE-2017-13048,CVE-2017-13049,CVE-2017-13050,CVE-2017-13051,CVE-2017-13052,CVE-2017-13053,CVE-2017-13054,CVE-2017-13055,CVE-2017-13687,CVE-2017-13688,CVE-2017-13689,CVE-2017-13690,CVE-2017-13725
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Server 12-SP3 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Server 12-SP2 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    tcpdump-4.9.2-14.5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tcpdump-4.9.2-14.5.1
Comment 9 Swamp Workflow Management 2017-10-27 22:08:56 UTC
openSUSE-SU-2017:2875-1: An update that fixes 90 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047873,1057247
CVE References: CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-12893,CVE-2017-12894,CVE-2017-12895,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-12988,CVE-2017-12989,CVE-2017-12990,CVE-2017-12991,CVE-2017-12992,CVE-2017-12993,CVE-2017-12994,CVE-2017-12995,CVE-2017-12996,CVE-2017-12997,CVE-2017-12998,CVE-2017-12999,CVE-2017-13000,CVE-2017-13001,CVE-2017-13002,CVE-2017-13003,CVE-2017-13004,CVE-2017-13005,CVE-2017-13006,CVE-2017-13007,CVE-2017-13008,CVE-2017-13009,CVE-2017-13010,CVE-2017-13011,CVE-2017-13012,CVE-2017-13013,CVE-2017-13014,CVE-2017-13015,CVE-2017-13016,CVE-2017-13017,CVE-2017-13018,CVE-2017-13019,CVE-2017-13020,CVE-2017-13021,CVE-2017-13022,CVE-2017-13023,CVE-2017-13024,CVE-2017-13025,CVE-2017-13026,CVE-2017-13027,CVE-2017-13028,CVE-2017-13029,CVE-2017-13030,CVE-2017-13031,CVE-2017-13032,CVE-2017-13033,CVE-2017-13034,CVE-2017-13035,CVE-2017-13036,CVE-2017-13037,CVE-2017-13038,CVE-2017-13039,CVE-2017-13040,CVE-2017-13041,CVE-2017-13042,CVE-2017-13043,CVE-2017-13044,CVE-2017-13045,CVE-2017-13046,CVE-2017-13047,CVE-2017-13048,CVE-2017-13049,CVE-2017-13050,CVE-2017-13051,CVE-2017-13052,CVE-2017-13053,CVE-2017-13054,CVE-2017-13055,CVE-2017-13687,CVE-2017-13688,CVE-2017-13689,CVE-2017-13690,CVE-2017-13725
Sources used:
openSUSE Leap 42.3 (src):    tcpdump-4.9.2-9.1
openSUSE Leap 42.2 (src):    tcpdump-4.9.2-6.6.1
Comment 10 Marcus Meissner 2018-08-29 13:46:53 UTC
released