I tested this in a precise container. precise-proposed didn't seem to
behave any differently from precise. I think verification has failed.
In particular, with precise-proposed version, my tcpdump still showed:
tcpdump: listening on vdetesttap, link-type EN10MB (Ethernet), capture size
65535 bytes
18:50:45.256019 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1022: IP0 bad-hlen 0
18:50:45.256037 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1021: IP0 bad-hlen 0
18:50:45.256041 23:45:67:89:ab:08 > ff:ff:ff:ff:ff:01, 802.3, length 256: LLC,
dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 242
18:50:45.256045 41:41:41:41:41:41 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.255.254.2 tell
10.255.254.1, length 28
18:50:46.258158 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1022: IP0 bad-hlen 0
18:50:46.258167 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1021: IP0 bad-hlen 0
18:50:46.258171 23:45:67:89:ab:08 > ff:ff:ff:ff:ff:01, 802.3, length 256: LLC,
dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 242
18:50:46.258176 41:41:41:41:41:41 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.255.254.2 tell
10.255.254.1, length 28
18:50:46.887438 56:c0:aa:55:b0:cf > 33:33:00:00:00:02, ethertype IPv6 (0x86dd),
length 70: (hlim 255, next-header ICMPv6 (58) payload length: 16)
fe80::54c0:aaff:fe55:b0cf > ff02::2: [icmp6 sum ok] ICMP6, router solicitation,
length 16
source link-address option (1), length 8 (1): 56:c0:aa:55:b0:cf
0x0000: 56c0 aa55 b0cf
18:50:47.260185 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1022: IP0 bad-hlen 0
18:50:47.260202 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1021: IP0 bad-hlen 0
18:50:47.260205 23:45:67:89:ab:08 > ff:ff:ff:ff:ff:01, 802.3, length 256: LLC,
dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 242
18:50:47.260209 41:41:41:41:41:41 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.255.254.2 tell
10.255.254.1, length 28
18:50:48.262737 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1022: IP0 bad-hlen 0
18:50:48.262766 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1021: IP0 bad-hlen 0
18:50:48.262770 23:45:67:89:ab:08 > ff:ff:ff:ff:ff:01, 802.3, length 256: LLC,
dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 242
18:50:48.262774 41:41:41:41:41:41 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.255.254.2 tell
10.255.254.1, length 28
18:50:49.265264 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1022: IP0 bad-hlen 0
18:50:49.265279 01:23:45:67:89:ab > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800),
length 1021: IP0 bad-hlen 0
18:50:49.265282 23:45:67:89:ab:08 > ff:ff:ff:ff:ff:01, 802.3, length 256: LLC,
dsap Null (0x00) Individual, ssap Null (0x00) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 242
18:50:49.265286 41:41:41:41:41:41 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806),
length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.255.254.2 tell
10.255.254.1, length 28
This looks the same as the error case reported at
http://www.halfdog.net/Security/VdeNetBufferBug/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/629439
Title:
Bug vde_plug input handling can cause either frame loss/corruption or
buffer overread by 1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/629439/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
