Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

ArchLinux: 201905-5 High Severity: Tcpreplay Multiple Issues

Archlinux Large Esm H446
The package tcpreplay before version 4.3.2-1 is vulnerable to multiple issues including arbitrary code execution and denial of service.
Arch Linux Security Advisory ASA-201905-5
========================================
Severity: High
Date    : 2019-05-06
CVE-ID  : CVE-2019-8376 CVE-2019-8377 CVE-2019-8381
Package : tcpreplay
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-902

Summary
======
The package tcpreplay before version 4.3.2-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
=========
Upgrade to 4.3.2-1.

# pacman -Syu "tcpreplay>=4.3.2-1"

The problems have been fixed upstream in version 4.3.2.

Workaround
=========
None.

Description
==========
- CVE-2019-8376 (denial of service)

An issue was discovered in tcpreplay 4.3.1. A NULL pointer dereference
occurred in the function get_layer4_v6() located at get.c. This can be
triggered by sending a crafted pcap file to the tcpreplay-edit binary.
It allows an attacker to cause a Denial of Service (Segmentation fault)
or possibly have unspecified other impact.

- CVE-2019-8377 (denial of service)

An issue was discovered in tcpreplay 4.3.1. A NULL pointer dereference
occurred in the function get_ipv6_l4proto() located at get.c. This can
be triggered by sending a crafted pcap file to the tcpreplay-edit
binary. It allows an attacker to cause a Denial of Service
(Segmentation fault) or possibly have unspecified other impact.

- CVE-2019-8381 (arbitrary code execution)

An issue was discovered in tcpreplay 4.3.1. An invalid memory access
occurs in do_checksum in checksum.c. It can be triggered by sending a
crafted pcap file to the tcpreplay-edit binary. It allows an attacker
to cause a Denial of Service (Segmentation fault) or possibly have
unspecified other impact.

Impact
=====
A remote attacker is able to cause a denial of service, or execute
arbitrary code, with a specially crafted pcap file.

References
=========
https://github.com/appneta/tcpreplay/issues/537
https://www.loginsoft.com/zero-day-discovery/cve-2019-8376-null-pointer-dereference-vulnerability-in-function-get-layer4-v6-tcpreplay-4-3-1
https://github.com/appneta/tcpreplay/issues/536
https://www.loginsoft.com/zero-day-discovery/cve-2019-8377-null-pointer-dereference-vulnerability-in-function-get-ipv6-l4proto-tcpreplay-4-3-1
https://www.loginsoft.com/zero-day-discovery/cve-2019-8381-invalid-memory-access-vulnerability-in-function-do-checksum-tcpreplay-4-3-1
https://github.com/appneta/tcpreplay/issues/538
https://github.com/appneta/tcpreplay/pull/548/commits/dae97cbafc5c06ebbc6b34e76ba614104f1b73e1
https://security.archlinux.org/CVE-2019-8376
https://security.archlinux.org/CVE-2019-8377
https://security.archlinux.org/CVE-2019-8381
Your message here