Vigil@nce - tcpdump: memory corruption via PPP
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a memory corruption via PPP in tcpdump,
causing a denial of service and possibly code execution.
Impacted products: Debian, Fedora, MBS, Ubuntu, Unix (platform)
Severity: 2/4
Creation date: 18/12/2014
DESCRIPTION OF THE VULNERABILITY
The tcpdump program captures network frames and displays their
contents.
However, a malicious PPP packet triggers an overflow in the
ppp_hdlc() function of the print-ppp.c file.
An attacker can therefore trigger a memory corruption via PPP in
tcpdump, causing a denial of service and possibly code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/tcpdump-memory-corruption-via-PPP-15841