On Jan 20, 2004, at 10:50 AM, Michael Richardson wrote:
> "[EMAIL PROTECTED]" == [EMAIL PROTECTED] net <[EMAIL PROTECTED]> writes:
>     [EMAIL PROTECTED]> code. so plan to edit current 3.8.1 by comparing with cvs source.
>     [EMAIL PROTECTED]> Is there only following file changes?
>     [EMAIL PROTECTED]> like in print-isakmp.c, print-radius.c
>
> 3.8.1 has the latest fixes already. What makes you think otherwise?

% cvs log print-isakmp.c
...
symbolic names:
tcpdump_3_8rel1: 1.36.2.5
tcpdump_3_8: 1.36.0.2
tcpdump_3_8_bp: 1.36...
revision 1.36.2.6
date: 2004/01/07 07:53:17; author: hannes; state: Exp; lines: +9 -1
bugfix from Jonathan Heusser <[EMAIL PROTECTED]>
The first critical piece of code is found in print-isakmp.c:332. The function rawprint() does not check its arguments thus it's easy for an attacker to pass a big 'len' or a bogus 'loc' leading to a segmentation fault in the for loop.
The second bug is located in print-radius.c:471. The for loop of print_attr_string() is written in an unsafe manner. 'length' and 'data' should be checked.
...
I.e., 3.8.1 has revision 1.36.2.5 of print-isakmp.c, which doesn't have Jonathan Heusser's fixes. As those were checked in with the print-radius.c fixes, presumably those are also not in 3.8.1.
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
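
The kind of argument checking the quoted log message asks for, as an added example that is not part of this thread and is not tcpdump's actual fix. The names rawprint_checked, pkt and snapend are hypothetical; pkt..snapend is assumed to bound the bytes actually captured, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounded hex dump (not tcpdump's code). pkt..snapend delimits
 * the bytes actually captured; loc/len come from untrusted packet fields.
 * Returns the number of bytes dumped, or -1 if the request is out of bounds. */
static int rawprint_checked(const uint8_t *pkt, const uint8_t *snapend,
                            const uint8_t *loc, size_t len,
                            char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    uintptr_t lo = (uintptr_t)pkt, hi = (uintptr_t)snapend, p = (uintptr_t)loc;
    size_t i;

    /* Bogus 'loc': must point inside the captured buffer (or at its end). */
    if (p < lo || p > hi)
        return -1;
    /* Big 'len': compare against the bytes remaining; loc + len is never
     * computed, so the check itself cannot wrap around. */
    if (len > (size_t)(hi - p))
        return -1;
    /* Output buffer needs two characters per byte plus the terminator. */
    if (outsz == 0 || len > (outsz - 1) / 2)
        return -1;

    for (i = 0; i < len; i++) {
        out[2 * i]     = hex[loc[i] >> 4];
        out[2 * i + 1] = hex[loc[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample: 6 captured bytes of a longer packet. */
    const uint8_t cap[6] = { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x01 };
    char out[32];

    if (rawprint_checked(cap, cap + 6, cap + 2, 4, out, sizeof out) == 4)
        printf("ok: %s\n", out);
    if (rawprint_checked(cap, cap + 6, cap + 2, 0xffff, out, sizeof out) < 0)
        printf("rejected: len runs past captured data\n");
    return 0;
}
```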
