[32927] in bugtraq
Re: Remote crash in tcpdump from OpenBSD
daemon@ATHENA.MIT.EDU (Henning Brauer)
Sat Dec 20 15:53:50 2003
Date: Sat, 20 Dec 2003 20:52:18 +0100
From: Henning Brauer <hb-bugtraq@bsws.de>
To: bugtraq@securityfocus.com
Message-ID: <20031220195218.GJ19209@skywalker.bsws.de>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3FE477F2.6050008@freebsd.lublin.pl>
On Sat, Dec 20, 2003 at 05:25:22PM +0100, Przemyslaw Frasunek wrote:
> >Description:
> Sending a packet containg 0xff,0x02 bytes to port 1701/udp causes
> a L2TP protocol parser in tcpdump to enter an infinite loop, eating
> all available memory and then segfaulting.
>
> This bug also affects tcpdump in -CURRENT.
> >How-To-Repeat:
> tcpdump -i lo0 -n udp and dst port 1701 &
> perl -e 'print "\xff\x02"' | nc -u localhost 1701
several developers including me cannot reproduce that on -current.
--
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
