Ubuntu 12.04
wget https://github.com/mudongliang/source-packages/raw/master/CVE-2014-8768/tcpdump-4.6.1.tar.gz
tar -xvf tcpdump-4.6.1.tar.gz
cd tcpdump-4.6.1
./configure
make

Server:
sudo python exploit.py

Client:
sudo tcpdump -i lo -s 0 -n -v

tcpdump 'geonet_print()' Function Denial of Service Vulnerability
tcpdump 4.6.2 - Geonet Decoder Denial of Service
The decoder for the GeoNetworking (geonet) protocol does not validate the packet length it receives from external input, and performs insufficient checks before the arithmetic it does on that length. The result is an unchecked decrement that underflows in the function

geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int length)

The affected variable is the unsigned argument length. geonet_print() strips several headers off the packet by subtracting their sizes from length without first confirming that many bytes remain; for a packet shorter than those headers the subtraction wraps around to a huge value. That wrapped length is later passed to the routine that prints the remaining payload (only in verbose mode, hence the -v flag above), which reads far past the captured packet and segfaults tcpdump. The function contains several such unsafe computations that update length.
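To make the failure mode concrete, here is an added C example (written for this page, not code from tcpdump or from print-geonet.c) that puts the unchecked length-decrement pattern next to a checked version. The header sizes, the function names and the captured-length wrapper are assumptions chosen for illustration; the point is that an unsigned length that is decremented before being compared wraps around, while the checked version refuses to strip a header that is not present and never reports more bytes than were captured.

```c
#include <stdio.h>

/* Assumed header sizes for this example (not the real GeoNetworking
 * layout): a basic header, a common header and a long position vector
 * that the decoder strips off before printing the payload. */
#define BASIC_HDR_LEN   4u
#define COMMON_HDR_LEN  8u
#define LONG_POS_LEN    24u

/* Unchecked pattern, as described for geonet_print(): each header size
 * is subtracted from the u_int length without checking that enough
 * bytes remain. For a packet shorter than the headers the subtraction
 * wraps around and the "remaining" length becomes enormous; a caller
 * that hands this value to a hex-dump routine reads past the buffer. */
unsigned int payload_len_unchecked(unsigned int length)
{
    length -= BASIC_HDR_LEN;
    length -= COMMON_HDR_LEN;
    length -= LONG_POS_LEN;
    return length;
}

/* Checked pattern: verify both the on-wire length and the captured
 * length before stripping headers, and never return more than what is
 * actually in the capture buffer. Returns the number of payload bytes
 * that are safe to print, or -1 for a malformed (too short) packet. */
int payload_len_checked(const unsigned char *bp, unsigned int length,
                        const unsigned char *snapend)
{
    unsigned int caplen = (snapend >= bp) ? (unsigned int)(snapend - bp) : 0;
    unsigned int hdrs = BASIC_HDR_LEN + COMMON_HDR_LEN + LONG_POS_LEN;

    if (length < hdrs || caplen < hdrs)
        return -1;                      /* would underflow: bail out */
    length -= hdrs;
    caplen -= hdrs;
    /* Clamp to captured data so a truncated capture cannot be over-read. */
    return (int)(length < caplen ? length : caplen);
}

/* Helper for running the checked decoder against a constructed capture
 * buffer: wire_len is the length claimed for the packet, captured is how
 * many bytes of it are actually in the buffer (snaplen effect). */
int checked_on_capture(unsigned int wire_len, unsigned int captured)
{
    static unsigned char buf[64];       /* constructed capture buffer */
    if (captured > sizeof(buf))
        captured = sizeof(buf);
    return payload_len_checked(buf, wire_len, buf + captured);
}

int main(void)
{
    /* Constructed malformed packet: only 6 bytes, fewer than the headers. */
    printf("unchecked: 6-byte packet -> length %u\n", payload_len_unchecked(6));
    printf("checked:   6-byte packet -> %d (malformed)\n", checked_on_capture(6, 6));
    printf("checked:   60 on wire, 40 captured -> %d printable bytes\n",
           checked_on_capture(60, 40));
    return 0;
}
```

With a 6-byte packet the unchecked version yields 4294967266 (the wrap of 6 - 36 in 32-bit unsigned arithmetic), which is exactly the kind of value that ends up in default_print() in the vulnerable decoder; the checked version reports the packet as malformed instead, and for a packet cut short by the snaplen it returns only the bytes that are really in the buffer.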
--- tcpdump-tcpdump_4.5/print-geonet.c 2014-02-17 05:58:41.000000000 +0700 +++ print-geonet.c 2014-11-21 10:06:58.590217933 +0700 @@ -237,6 +237,12 @@ printf("Malformed (small) "); } + /* Checking length before print */ + u_int caplength; + caplength = (ndo->ndo_snapend >= bp) ? ndo->ndo_snapend - bp : 0; + if (length > caplength) + length = caplength; + /* Print user data part */ if (ndo->ndo_vflag) default_print(bp, length); CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
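Review bot: the clamp added before the "Print user data part" only caps what default_print() receives; the unchecked decrements of length earlier in geonet_print() that produce the underflow are left in place, and after the printf("Malformed (small) ") branch the function still falls through to the print instead of bailing out. Prefer checking the remaining length (and the captured data) before each header is stripped, and when length > caplength emit the usual truncation marker rather than silently dumping a shorter chunk. Also, "u_int caplength;" is declared after a statement in the middle of the block; move it to the top of the enclosing block, or fold the initialization into the declaration, to keep the file C89-clean.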