2012-10-10 12:35:26 +00:00
|
|
|
--- a/Makefile.in
|
|
|
|
+++ b/Makefile.in
|
2017-02-11 15:38:59 +00:00
|
|
|
@@ -72,6 +72,80 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
|
|
|
|
|
|
|
|
CSRC = setsignal.c tcpdump.c
|
2012-10-10 12:35:26 +00:00
|
|
|
|
|
|
|
+ifdef TCPDUMP_MINI
|
|
|
|
+
|
2017-02-11 15:38:59 +00:00
|
|
|
+LIBNETDISSECT_SRC=\
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
+ netdissect.c \
|
2016-12-10 10:10:03 +00:00
|
|
|
+ addrtoname.c \
|
|
|
|
+ addrtostr.c \
|
|
|
|
+ af.c \
|
|
|
|
+ ascii_strcasecmp.c \
|
|
|
|
+ checksum.c \
|
|
|
|
+ cpack.c \
|
|
|
|
+ gmpls.c \
|
|
|
|
+ gmt2local.c \
|
|
|
|
+ in_cksum.c \
|
|
|
|
+ ipproto.c \
|
|
|
|
+ l2vpn.c \
|
|
|
|
+ machdep.c \
|
|
|
|
+ nlpid.c \
|
|
|
|
+ oui.c \
|
|
|
|
+ parsenfsfh.c \
|
|
|
|
+ print.c \
|
|
|
|
+ print-802_11.c \
|
|
|
|
+ print-aodv.c \
|
|
|
|
+ print-arp.c \
|
|
|
|
+ print-ascii.c \
|
|
|
|
+ print-bootp.c \
|
|
|
|
+ print-dhcp6.c \
|
|
|
|
+ print-domain.c \
|
|
|
|
+ print-eap.c \
|
|
|
|
+ print-ether.c \
|
|
|
|
+ print-ftp.c \
|
|
|
|
+ print-gre.c \
|
|
|
|
+ print-http.c \
|
|
|
|
+ print-icmp.c \
|
|
|
|
+ print-icmp6.c \
|
|
|
|
+ print-igmp.c \
|
|
|
|
+ print-ip.c \
|
|
|
|
+ print-ip6.c \
|
|
|
|
+ print-ip6opts.c \
|
|
|
|
+ print-ipnet.c \
|
|
|
|
+ print-l2tp.c \
|
|
|
|
+ print-llc.c \
|
|
|
|
+ print-lldp.c \
|
|
|
|
+ print-loopback.c \
|
|
|
|
+ print-nfs.c \
|
|
|
|
+ print-ntp.c \
|
|
|
|
+ print-null.c \
|
|
|
|
+ print-olsr.c \
|
|
|
|
+ print-ospf.c \
|
|
|
|
+ print-ospf6.c \
|
|
|
|
+ print-ppp.c \
|
|
|
|
+ print-pppoe.c \
|
|
|
|
+ print-pptp.c \
|
|
|
|
+ print-radius.c \
|
|
|
|
+ print-raw.c \
|
|
|
|
+ print-rsvp.c \
|
|
|
|
+ print-rt6.c \
|
|
|
|
+ print-rtsp.c \
|
|
|
|
+ print-sip.c \
|
|
|
|
+ print-sll.c \
|
|
|
|
+ print-smtp.c \
|
|
|
|
+ print-snmp.c \
|
|
|
|
+ print-stp.c \
|
|
|
|
+ print-sunrpc.c \
|
|
|
|
+ print-syslog.c \
|
|
|
|
+ print-tcp.c \
|
|
|
|
+ print-telnet.c \
|
|
|
|
+ print-tftp.c \
|
|
|
|
+ print-udp.c \
|
|
|
|
+ signature.c \
|
|
|
|
+ strtoaddr.c \
|
|
|
|
+ util-print.c
|
2012-10-10 12:35:26 +00:00
|
|
|
+
|
|
|
|
+else
|
|
|
|
+
|
2016-12-10 10:10:03 +00:00
|
|
|
LIBNETDISSECT_SRC=\
|
2017-02-11 15:38:59 +00:00
|
|
|
addrtoname.c \
|
|
|
|
addrtostr.c \
|
|
|
|
@@ -237,6 +311,8 @@ LIBNETDISSECT_SRC=\
|
2016-12-10 10:10:03 +00:00
|
|
|
strtoaddr.c \
|
|
|
|
util-print.c
|
2012-10-10 12:35:26 +00:00
|
|
|
|
|
|
|
+endif
|
|
|
|
+
|
|
|
|
LOCALSRC = @LOCALSRC@
|
|
|
|
GENSRC = version.c
|
|
|
|
LIBOBJS = @LIBOBJS@
|
|
|
|
--- a/addrtoname.c
|
|
|
|
+++ b/addrtoname.c
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN)
|
2016-12-10 10:10:03 +00:00
|
|
|
return (etheraddr_string(ndo, ep));
|
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
if (type == LINKADDR_FRELAY)
|
2016-12-10 10:10:03 +00:00
|
|
|
return (q922_string(ndo, ep, len));
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
|
|
|
tp = lookup_bytestring(ndo, ep, len);
|
2017-09-10 19:27:26 +00:00
|
|
|
if (tp->bs_name)
|
|
|
|
@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
init_ipxsaparray(ndo);
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
const char *
|
2016-12-10 10:10:03 +00:00
|
|
|
dnaddr_string(netdissect_options *ndo, u_short dnaddr)
|
2012-10-10 12:35:26 +00:00
|
|
|
{
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1233,6 +1236,7 @@ dnaddr_string(netdissect_options *ndo, u
|
2012-10-10 12:35:26 +00:00
|
|
|
|
|
|
|
return(tp->name);
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
/* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */
|
|
|
|
struct hnamemem *
|
2016-12-10 10:10:03 +00:00
|
|
|
--- a/print.c
|
|
|
|
+++ b/print.c
|
|
|
|
@@ -48,6 +48,7 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_IPNET
|
|
|
|
{ ipnet_if_print, DLT_IPNET },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#ifdef DLT_IEEE802_15_4
|
|
|
|
{ ieee802_15_4_if_print, DLT_IEEE802_15_4 },
|
|
|
|
#endif
|
|
|
|
@@ -57,12 +58,14 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_PPI
|
|
|
|
{ ppi_if_print, DLT_PPI },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
#ifdef DLT_NETANALYZER
|
|
|
|
{ netanalyzer_if_print, DLT_NETANALYZER },
|
|
|
|
#endif
|
|
|
|
#ifdef DLT_NETANALYZER_TRANSPARENT
|
|
|
|
{ netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
|
|
|
|
{ nflog_if_print, DLT_NFLOG},
|
|
|
|
#endif
|
|
|
|
@@ -75,10 +78,12 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_IP_OVER_FC
|
|
|
|
{ ipfc_if_print, DLT_IP_OVER_FC },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
{ null_if_print, DLT_NULL },
|
|
|
|
#ifdef DLT_LOOP
|
|
|
|
{ null_if_print, DLT_LOOP },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#ifdef DLT_APPLE_IP_OVER_IEEE1394
|
|
|
|
{ ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
|
|
|
|
#endif
|
|
|
|
@@ -92,7 +97,9 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_ARCNET_LINUX
|
|
|
|
{ arcnet_linux_if_print, DLT_ARCNET_LINUX },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
{ raw_if_print, DLT_RAW },
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#ifdef DLT_IPV4
|
|
|
|
{ raw_if_print, DLT_IPV4 },
|
|
|
|
#endif
|
|
|
|
@@ -116,17 +123,21 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_HDLC
|
|
|
|
{ chdlc_if_print, DLT_HDLC },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
#ifdef DLT_PPP_ETHER
|
|
|
|
{ pppoe_if_print, DLT_PPP_ETHER },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H)
|
|
|
|
{ pflog_if_print, DLT_PFLOG },
|
|
|
|
#endif
|
|
|
|
{ token_if_print, DLT_IEEE802 },
|
|
|
|
{ fddi_if_print, DLT_FDDI },
|
|
|
|
+#endif
|
|
|
|
#ifdef DLT_LINUX_SLL
|
|
|
|
{ sll_if_print, DLT_LINUX_SLL },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#ifdef DLT_FR
|
|
|
|
{ fr_if_print, DLT_FR },
|
|
|
|
#endif
|
|
|
|
@@ -198,6 +209,7 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_PKTAP
|
|
|
|
{ pktap_if_print, DLT_PKTAP },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
#ifdef DLT_IEEE802_11_RADIO
|
|
|
|
{ ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
|
|
|
|
#endif
|
|
|
|
@@ -214,12 +226,14 @@ static const struct printer printers[] =
|
|
|
|
#ifdef DLT_PPP_WITHDIRECTION
|
|
|
|
{ ppp_if_print, DLT_PPP_WITHDIRECTION },
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
#ifdef DLT_PPP_BSDOS
|
|
|
|
{ ppp_bsdos_if_print, DLT_PPP_BSDOS },
|
|
|
|
#endif
|
|
|
|
#ifdef DLT_PPP_SERIAL
|
|
|
|
{ ppp_hdlc_if_print, DLT_PPP_SERIAL },
|
|
|
|
#endif
|
|
|
|
+#endif
|
|
|
|
{ NULL, 0 },
|
|
|
|
};
|
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-ether.c
|
|
|
|
+++ b/print-ether.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
arp_print(ndo, p, length, caplen);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_DN:
|
2016-12-10 10:10:03 +00:00
|
|
|
decnet_print(ndo, p, length, caplen);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo,
|
|
|
|
}
|
2017-09-10 19:27:26 +00:00
|
|
|
isoclns_print(ndo, p + 1, length - 1);
|
2016-12-10 10:10:03 +00:00
|
|
|
return(1);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
|
|
|
|
|
|
|
case ETHERTYPE_PPPOED:
|
|
|
|
case ETHERTYPE_PPPOES:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
eap_print(ndo, p, length);
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_RRCP:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
rrcp_print(ndo, p, length, src, dst);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
case ETHERTYPE_PPP:
|
|
|
|
if (length) {
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_MPCP:
|
2016-12-10 10:10:03 +00:00
|
|
|
mpcp_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
case ETHERTYPE_CFM_OLD:
|
2016-12-10 10:10:03 +00:00
|
|
|
cfm_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case ETHERTYPE_LLDP:
|
2016-12-10 10:10:03 +00:00
|
|
|
lldp_print(ndo, p, length);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
loopback_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_MPLS:
|
|
|
|
case ETHERTYPE_MPLS_MULTI:
|
2016-12-10 10:10:03 +00:00
|
|
|
mpls_print(ndo, p, length);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
case ETHERTYPE_MEDSA:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
medsa_print(ndo, p, length, caplen, src, dst);
|
2016-12-10 10:10:03 +00:00
|
|
|
return (1);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
|
|
|
|
|
|
|
case ETHERTYPE_LAT:
|
|
|
|
case ETHERTYPE_SCA:
|
|
|
|
--- a/print-gre.c
|
|
|
|
+++ b/print-gre.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con
|
2016-12-10 10:10:03 +00:00
|
|
|
case ETHERTYPE_IPV6:
|
|
|
|
ip6_print(ndo, bp, len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_MPLS:
|
2016-12-10 10:10:03 +00:00
|
|
|
mpls_print(ndo, bp, len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con
|
2012-10-10 12:35:26 +00:00
|
|
|
case ETHERTYPE_TEB:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
default:
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, "gre-proto-0x%x", prot));
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
--- a/print-igmp.c
|
|
|
|
+++ b/print-igmp.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_TCHECK2(bp[4], 4);
|
|
|
|
ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4])));
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case 0x13:
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, "igmp dvmrp"));
|
2012-10-10 12:35:26 +00:00
|
|
|
if (len < 8)
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, "igmp pimv1"));
|
|
|
|
pimv1_print(ndo, bp, len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
case 0x1e:
|
2016-12-10 10:10:03 +00:00
|
|
|
print_mresp(ndo, bp, len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
2016-12-10 10:10:03 +00:00
|
|
|
--- a/print-ip6.c
|
|
|
|
+++ b/print-ip6.c
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
return;
|
2016-12-10 10:10:03 +00:00
|
|
|
nh = *cp;
|
|
|
|
break;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_FRAGMENT:
|
|
|
|
advance = frag6_print(ndo, cp, (const u_char *)ip6);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
if (advance < 0 || ndo->ndo_snapend <= cp + advance)
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const
|
|
|
|
return;
|
2016-12-10 10:10:03 +00:00
|
|
|
nh = *cp;
|
|
|
|
return;
|
|
|
|
+#endif
|
|
|
|
case IPPROTO_ROUTING:
|
2017-09-10 19:27:26 +00:00
|
|
|
ND_TCHECK(*cp);
|
2016-12-10 10:10:03 +00:00
|
|
|
advance = rt6_print(ndo, cp, (const u_char *)ip6);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const
|
|
|
|
return;
|
2016-12-10 10:10:03 +00:00
|
|
|
nh = *cp;
|
2016-12-10 13:02:15 +00:00
|
|
|
break;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
case IPPROTO_SCTP:
|
|
|
|
sctp_print(ndo, cp, (const u_char *)ip6, len);
|
|
|
|
return;
|
|
|
|
case IPPROTO_DCCP:
|
|
|
|
dccp_print(ndo, cp, (const u_char *)ip6, len);
|
|
|
|
return;
|
|
|
|
+#endif
|
|
|
|
case IPPROTO_TCP:
|
|
|
|
tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
|
|
|
|
return;
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
case IPPROTO_ICMPV6:
|
|
|
|
icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
|
|
|
|
return;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_AH:
|
|
|
|
advance = ah_print(ndo, cp);
|
2017-09-10 19:27:26 +00:00
|
|
|
if (advance < 0)
|
|
|
|
@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
case IPPROTO_PIM:
|
|
|
|
pim_print(ndo, cp, len, (const u_char *)ip6);
|
|
|
|
return;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
case IPPROTO_OSPF:
|
|
|
|
ospf6_print(ndo, cp, len);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
ip_print(ndo, cp, len);
|
|
|
|
return;
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_PGM:
|
|
|
|
pgm_print(ndo, cp, len, (const u_char *)ip6);
|
|
|
|
return;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
case IPPROTO_GRE:
|
|
|
|
gre_print(ndo, cp, len);
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-ip.c
|
|
|
|
+++ b/print-ip.c
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
again:
|
|
|
|
switch (ipds->nh) {
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_AH:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
if (!ND_TTEST(*ipds->cp)) {
|
|
|
|
ND_PRINT((ndo, "[|AH]"));
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -382,7 +383,9 @@ again:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
*/
|
|
|
|
break;
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2016-12-10 13:02:15 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_SCTP:
|
2016-12-10 10:10:03 +00:00
|
|
|
sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -390,6 +393,7 @@ again:
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_DCCP:
|
2016-12-10 10:10:03 +00:00
|
|
|
dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_TCP:
|
|
|
|
/* pass on the MF bit plus the offset to detect fragments */
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -409,6 +413,7 @@ again:
|
2012-10-10 12:35:26 +00:00
|
|
|
ipds->off & (IP_MF|IP_OFFMASK));
|
|
|
|
break;
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_PIGP:
|
|
|
|
/*
|
|
|
|
* XXX - the current IANA protocol number assignments
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -429,14 +434,17 @@ again:
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_EIGRP:
|
2016-12-10 10:10:03 +00:00
|
|
|
eigrp_print(ndo, ipds->cp, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_ND:
|
|
|
|
ND_PRINT((ndo, " nd %d", ipds->len));
|
|
|
|
break;
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_EGP:
|
2016-12-10 10:10:03 +00:00
|
|
|
egp_print(ndo, ipds->cp, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_OSPF:
|
2016-12-10 10:10:03 +00:00
|
|
|
ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -469,6 +477,7 @@ again:
|
2016-12-10 10:10:03 +00:00
|
|
|
gre_print(ndo, ipds->cp, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case IPPROTO_MOBILE:
|
2016-12-10 10:10:03 +00:00
|
|
|
mobile_print(ndo, ipds->cp, ipds->len);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -497,6 +506,7 @@ again:
|
2012-10-10 12:35:26 +00:00
|
|
|
case IPPROTO_PGM:
|
2016-12-10 10:10:03 +00:00
|
|
|
pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
default:
|
2017-09-10 19:27:26 +00:00
|
|
|
if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-llc.c
|
|
|
|
+++ b/print-llc.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
hdrlen = 4; /* DSAP, SSAP, 2-byte control field */
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
|
|
|
|
/*
|
|
|
|
* This is an Ethernet_802.3 IPX frame; it has an
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
ipx_print(ndo, p, length);
|
|
|
|
return (0); /* no LLC header */
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
dsap = dsap_field & ~LLC_IG;
|
|
|
|
ssap = ssap_field & ~LLC_GSAP;
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
return (hdrlen);
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
|
|
|
|
control == LLC_UI) {
|
|
|
|
/*
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
ipx_print(ndo, p, length);
|
|
|
|
return (hdrlen);
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
2016-12-10 10:10:03 +00:00
|
|
|
#ifdef ENABLE_SMB
|
2012-10-10 12:35:26 +00:00
|
|
|
if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const
|
2016-12-10 10:10:03 +00:00
|
|
|
return (hdrlen);
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
|
|
|
|
&& control == LLC_UI) {
|
2017-09-10 19:27:26 +00:00
|
|
|
isoclns_print(ndo, p, length);
|
2016-12-10 10:10:03 +00:00
|
|
|
return (hdrlen);
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
2017-09-10 19:27:26 +00:00
|
|
|
-
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
if (!ndo->ndo_eflag) {
|
|
|
|
if (ssap == dsap) {
|
2017-09-10 19:27:26 +00:00
|
|
|
if (src == NULL || dst == NULL)
|
|
|
|
@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons
|
2016-12-10 13:02:15 +00:00
|
|
|
|
|
|
|
case OUI_CISCO:
|
|
|
|
switch (et) {
|
|
|
|
+#ifndef TCPDUMP_MINI
|
2012-10-10 12:35:26 +00:00
|
|
|
case PID_CISCO_CDP:
|
2016-12-10 10:10:03 +00:00
|
|
|
cdp_print(ndo, p, length, caplen);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons
|
2012-10-10 12:35:26 +00:00
|
|
|
case PID_CISCO_VTP:
|
2016-12-10 10:10:03 +00:00
|
|
|
vtp_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
+#endif
|
|
|
|
case PID_CISCO_PVST:
|
2014-02-05 09:54:38 +00:00
|
|
|
case PID_CISCO_VLANBRIDGE:
|
2016-12-10 10:10:03 +00:00
|
|
|
stp_print(ndo, p, length);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons
|
2016-12-10 10:10:03 +00:00
|
|
|
case OUI_RFC2684:
|
|
|
|
switch (et) {
|
2012-10-10 12:35:26 +00:00
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
case PID_RFC2684_ETH_FCS:
|
|
|
|
case PID_RFC2684_ETH_NOFCS:
|
2012-10-10 12:35:26 +00:00
|
|
|
/*
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons
|
2012-10-10 12:35:26 +00:00
|
|
|
*/
|
2016-12-10 10:10:03 +00:00
|
|
|
fddi_print(ndo, p, length, caplen);
|
2012-10-10 12:35:26 +00:00
|
|
|
return (1);
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
case PID_RFC2684_BPDU:
|
2016-12-10 10:10:03 +00:00
|
|
|
stp_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-null.c
|
|
|
|
+++ b/print-null.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -116,6 +116,7 @@ null_if_print(netdissect_options *ndo, c
|
2016-12-10 10:10:03 +00:00
|
|
|
ip6_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case BSD_AFNUM_ISO:
|
2017-09-10 19:27:26 +00:00
|
|
|
isoclns_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c
|
2012-10-10 12:35:26 +00:00
|
|
|
case BSD_AFNUM_IPX:
|
2016-12-10 10:10:03 +00:00
|
|
|
ipx_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
default:
|
|
|
|
/* unknown AF_ value */
|
|
|
|
--- a/print-ppp.c
|
|
|
|
+++ b/print-ppp.c
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1367,6 +1367,7 @@ trunc:
|
2012-10-10 12:35:26 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
static void
|
2016-12-10 10:10:03 +00:00
|
|
|
ppp_hdlc(netdissect_options *ndo,
|
|
|
|
const u_char *p, int length)
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1445,6 +1446,7 @@ trunc:
|
2012-10-10 12:35:26 +00:00
|
|
|
free(b);
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, "[|ppp]"));
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
|
|
|
|
/* PPP */
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1452,10 +1454,12 @@ static void
|
2016-12-10 10:10:03 +00:00
|
|
|
handle_ppp(netdissect_options *ndo,
|
|
|
|
u_int proto, const u_char *p, int length)
|
2012-10-10 12:35:26 +00:00
|
|
|
{
|
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
|
|
|
|
ppp_hdlc(ndo, p - 1, length);
|
|
|
|
return;
|
|
|
|
}
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
switch (proto) {
|
|
|
|
case PPP_LCP: /* fall through */
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
case PPP_IPV6:
|
|
|
|
ip6_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case ETHERTYPE_IPX: /*XXX*/
|
|
|
|
case PPP_IPX:
|
2016-12-10 10:10:03 +00:00
|
|
|
ipx_print(ndo, p, length);
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
case PPP_MPLS_MCAST:
|
2016-12-10 10:10:03 +00:00
|
|
|
mpls_print(ndo, p, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
case PPP_COMP:
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, "compressed PPP data"));
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
/*
|
|
|
|
* PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
|
|
|
|
* framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
|
2017-09-10 19:27:26 +00:00
|
|
|
@@ -1866,6 +1873,7 @@ printx:
|
2012-10-10 12:35:26 +00:00
|
|
|
#endif /* __bsdi__ */
|
|
|
|
return (hdrlength);
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
/*
|
2016-12-10 10:10:03 +00:00
|
|
|
--- a/print-sll.c
|
|
|
|
+++ b/print-sll.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -238,12 +238,14 @@ recurse:
|
2016-12-10 10:10:03 +00:00
|
|
|
*/
|
|
|
|
switch (ether_type) {
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case LINUX_SLL_P_802_3:
|
|
|
|
/*
|
|
|
|
* Ethernet_802.3 IPX frame.
|
|
|
|
*/
|
|
|
|
ipx_print(ndo, p, length);
|
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
case LINUX_SLL_P_802_2:
|
|
|
|
/*
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-tcp.c
|
|
|
|
+++ b/print-tcp.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo,
|
2016-12-10 10:10:03 +00:00
|
|
|
ND_PRINT((ndo, " %u", utoval));
|
2014-02-05 09:54:38 +00:00
|
|
|
break;
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2014-02-05 09:54:38 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case TCPOPT_MPTCP:
|
|
|
|
datalen = len - 2;
|
|
|
|
LENCHECK(datalen);
|
2016-12-10 10:10:03 +00:00
|
|
|
if (!mptcp_print(ndo, cp-2, len, flags))
|
2014-02-05 09:54:38 +00:00
|
|
|
goto bad;
|
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
|
|
|
case TCPOPT_FASTOPEN:
|
2014-02-05 09:54:38 +00:00
|
|
|
datalen = len - 2;
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo,
|
2014-02-05 09:54:38 +00:00
|
|
|
return;
|
2016-12-10 10:10:03 +00:00
|
|
|
}
|
|
|
|
|
2014-02-05 09:54:38 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
if (ndo->ndo_packettype) {
|
|
|
|
switch (ndo->ndo_packettype) {
|
2014-02-05 09:54:38 +00:00
|
|
|
case PT_ZMTP1:
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo,
|
2014-02-05 09:54:38 +00:00
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
2016-12-10 10:10:03 +00:00
|
|
|
+#endif
|
|
|
|
|
|
|
|
if (IS_SRC_OR_DST_PORT(TELNET_PORT)) {
|
|
|
|
telnet_print(ndo, bp, length);
|
2016-12-10 13:02:15 +00:00
|
|
|
} else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) {
|
|
|
|
ND_PRINT((ndo, ": "));
|
|
|
|
smtp_print(ndo, bp, length);
|
|
|
|
- } else if (IS_SRC_OR_DST_PORT(BGP_PORT))
|
|
|
|
+ }
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
+ else if (IS_SRC_OR_DST_PORT(BGP_PORT))
|
2016-12-10 10:10:03 +00:00
|
|
|
bgp_print(ndo, bp, length);
|
2016-12-10 13:02:15 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(PPTP_PORT))
|
|
|
|
pptp_print(ndo, bp);
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (IS_SRC_OR_DST_PORT(REDIS_PORT))
|
|
|
|
resp_print(ndo, bp, length);
|
|
|
|
+#endif
|
|
|
|
#ifdef ENABLE_SMB
|
|
|
|
else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT))
|
|
|
|
nbt_tcp_print(ndo, bp, length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(SMB_PORT))
|
|
|
|
smb_tcp_print(ndo, bp, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
#endif
|
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(BEEP_PORT))
|
|
|
|
beep_print(ndo, bp, length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA))
|
|
|
|
openflow_print(ndo, bp, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(FTP_PORT)) {
|
|
|
|
ND_PRINT((ndo, ": "));
|
|
|
|
ftp_print(ndo, bp, length);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -719,6 +730,7 @@ tcp_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
* XXX packet could be unaligned, it can go strange
|
|
|
|
*/
|
2016-12-10 10:10:03 +00:00
|
|
|
ns_print(ndo, bp + 2, length - 2, 0);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
} else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) {
|
|
|
|
msdp_print(ndo, bp, length);
|
|
|
|
} else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) {
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -726,6 +738,7 @@ tcp_print(netdissect_options *ndo,
|
2012-10-10 12:35:26 +00:00
|
|
|
}
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) {
|
|
|
|
ldp_print(ndo, bp, length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
|
|
|
}
|
2016-12-10 10:10:03 +00:00
|
|
|
else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) &&
|
|
|
|
length >= 4 && ND_TTEST2(*bp, 4)) {
|
2012-10-10 12:35:26 +00:00
|
|
|
--- a/print-udp.c
|
|
|
|
+++ b/print-udp.c
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
vat_print(ndo, (const void *)(up + 1), up);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case PT_WB:
|
2016-12-10 10:10:03 +00:00
|
|
|
udpipaddr_print(ndo, ip, sport, dport);
|
|
|
|
wb_print(ndo, (const void *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case PT_RPC:
|
2016-12-10 10:10:03 +00:00
|
|
|
rp = (const struct sunrpc_msg *)(up + 1);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
snmp_print(ndo, (const u_char *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case PT_CNFP:
|
2016-12-10 10:10:03 +00:00
|
|
|
udpipaddr_print(ndo, ip, sport, dport);
|
|
|
|
cnfp_print(ndo, cp);
|
2012-10-10 12:35:26 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
|
2012-10-10 12:35:26 +00:00
|
|
|
case PT_TFTP:
|
2016-12-10 10:10:03 +00:00
|
|
|
udpipaddr_print(ndo, ip, sport, dport);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
radius_print(ndo, cp, length);
|
2014-02-05 09:54:38 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
case PT_VXLAN:
|
2016-12-10 10:10:03 +00:00
|
|
|
udpipaddr_print(ndo, ip, sport, dport);
|
|
|
|
vxlan_print(ndo, (const u_char *)(up + 1), length);
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
udpipaddr_print(ndo, ip, sport, dport);
|
|
|
|
lmp_print(ndo, cp, length);
|
2014-02-05 09:54:38 +00:00
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
ns_print(ndo, (const u_char *)(up + 1), length, 0);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT))
|
|
|
|
ns_print(ndo, (const u_char *)(up + 1), length, 1);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(TIMED_PORT))
|
|
|
|
timed_print(ndo, (const u_char *)(up + 1));
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(TFTP_PORT))
|
|
|
|
tftp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(BOOTPC_PORT) || IS_SRC_OR_DST_PORT(BOOTPS_PORT))
|
|
|
|
bootp_print(ndo, (const u_char *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(RIP_PORT))
|
|
|
|
rip_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
+#endif
|
|
|
|
else if (IS_SRC_OR_DST_PORT(AODV_PORT))
|
|
|
|
aodv_print(ndo, (const u_char *)(up + 1), length,
|
|
|
|
ip6 != NULL);
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT))
|
|
|
|
isakmp_print(ndo, (const u_char *)(up + 1), length, bp2);
|
|
|
|
+
|
|
|
|
else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT))
|
|
|
|
isakmp_rfc3948_print(ndo, (const u_char *)(up + 1), length, bp2);
|
|
|
|
#if 1 /*???*/
|
|
|
|
else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2))
|
|
|
|
isakmp_print(ndo, (const u_char *)(up + 1), length, bp2);
|
2012-10-10 12:35:26 +00:00
|
|
|
#endif
|
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(SNMP_PORT) || IS_SRC_OR_DST_PORT(SNMPTRAP_PORT))
|
|
|
|
snmp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(NTP_PORT))
|
|
|
|
ntp_print(ndo, (const u_char *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(KERBEROS_PORT) || IS_SRC_OR_DST_PORT(KERBEROS_SEC_PORT))
|
|
|
|
krb_print(ndo, (const void *)(up + 1));
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(L2TP_PORT))
|
|
|
|
l2tp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
#ifdef ENABLE_SMB
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis
|
2012-10-10 12:35:26 +00:00
|
|
|
#endif
|
2014-02-05 09:54:38 +00:00
|
|
|
else if (dport == VAT_PORT)
|
2016-12-10 10:10:03 +00:00
|
|
|
vat_print(ndo, (const void *)(up + 1), up);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
2016-12-10 10:10:03 +00:00
|
|
|
else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT))
|
|
|
|
zephyr_print(ndo, (const void *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
/*
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
(const u_char *) ip);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(RIPNG_PORT))
|
|
|
|
ripng_print(ndo, (const u_char *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#endif
|
2016-12-10 10:10:03 +00:00
|
|
|
+
|
|
|
|
else if (IS_SRC_OR_DST_PORT(DHCP6_SERV_PORT) || IS_SRC_OR_DST_PORT(DHCP6_CLI_PORT))
|
|
|
|
dhcp6_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (IS_SRC_OR_DST_PORT(AHCP_PORT))
|
|
|
|
ahcp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD))
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
wb_print(ndo, (const void *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT))
|
|
|
|
cisco_autorp_print(ndo, (const void *)(up + 1), length);
|
|
|
|
+#endif
|
|
|
|
else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) ||
|
|
|
|
IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) ||
|
|
|
|
IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) ||
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) ||
|
|
|
|
IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) )
|
|
|
|
radius_print(ndo, (const u_char *)(up+1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (dport == HSRP_PORT)
|
2016-12-10 10:10:03 +00:00
|
|
|
hsrp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(LWRES_PORT))
|
|
|
|
lwres_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(LDP_PORT))
|
|
|
|
ldp_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
+#endif
|
|
|
|
else if (IS_SRC_OR_DST_PORT(OLSR_PORT))
|
|
|
|
olsr_print(ndo, (const u_char *)(up + 1), length,
|
|
|
|
(IP_V(ip) == 6) ? 1 : 0);
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT))
|
|
|
|
lspping_print(ndo, (const u_char *)(up + 1), length);
|
2012-10-10 12:35:26 +00:00
|
|
|
else if (dport == BFD_CONTROL_PORT ||
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT))
|
|
|
|
lwapp_data_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
+#endif
|
|
|
|
else if (IS_SRC_OR_DST_PORT(SIP_PORT))
|
|
|
|
sip_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT))
|
|
|
|
syslog_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
+#ifndef TCPDUMP_MINI
|
|
|
|
else if (IS_SRC_OR_DST_PORT(OTV_PORT))
|
|
|
|
otv_print(ndo, (const u_char *)(up + 1), length);
|
|
|
|
else if (IS_SRC_OR_DST_PORT(VXLAN_PORT))
|
tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
+ CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
+ CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
+ CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
+ CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
+ CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
+ CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
+ CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
+ CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
+ CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
+ CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
+ CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
+ CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
+ CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
+ CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
+ CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
+ CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
+ CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
+ CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
+ CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
+ CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
+ CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
+ CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
+ CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
+ CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
+ CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
+ CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
+ CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
lightweight resolver protocol, PIM).
+ CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
+ CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
+ CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
+ CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
+ CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
+ CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
+ CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
print-ether.c:ether_print().
+ CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
+ CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
+ CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
+ CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
+ CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 12:00:38 +00:00
|
|
|
@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis
|
2016-12-10 10:10:03 +00:00
|
|
|
if (ndo->ndo_vflag)
|
|
|
|
ND_PRINT((ndo, "kip "));
|
|
|
|
llap_print(ndo, cp, length);
|
|
|
|
- } else {
|
|
|
|
+ }
|
|
|
|
+#endif
|
|
|
|
+ else {
|
|
|
|
if (ulen > length)
|
|
|
|
ND_PRINT((ndo, "UDP, bad length %u > %u",
|
|
|
|
ulen, length));
|