SB2018101730 - Multiple vulnerabilities in AppNeta Tcpreplay
Published: October 17, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-18407)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4() in incremental_checksum.h, causing a denial of service.
2) Use-after-free (CVE-ID: CVE-2018-18408)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact.
Remediation
Install update from vendor's website.
References
- https://github.com/appneta/tcpreplay/issues/488
- https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#user-content-heap-overflow-in-csum_replace4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V3SADKXUSHWTVAPU3WLXBDEQUHRA6ZO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLPY6W7Z7G6PF2JN4LXXHCACYLD4RBG6/
- https://github.com/appneta/tcpreplay/issues/489
- https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay/README.md#use-after-free-in-post_args