netdiscover segfaults when looking up vendors

Bug #315111 reported by Deniz Adrian
This bug affects 1 person
Affects: netdiscover (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: netdiscover

search_vendor tries to write into tmac[6], which should be tmac[7], overflows.

Patch attached.

Deniz Adrian (deniz-adrianer) wrote :

Don't know if this may be exploitable by sending some weird MAC addresses over the wire, so set this to "security-related".

Deniz Adrian (deniz-adrianer) wrote :

This could be the same as #275106 and/or #291005. Sorry for double-posting.

Jamie Strandboge (jdstrand) wrote :

I looked at misc.c on Hardy and don't see the problem. What version of netdiscover are you using and can you give an example that triggers this condition?

Changed in netdiscover:
assignee: nobody → jdstrand
status: New → Incomplete
Jamie Strandboge (jdstrand) wrote :

Oh, I didn't look far enough. While sprintf doesn't write too much, and the for loop doesn't access beyond the end, tmac isn't null-terminated, which could cause strcmp to fail (it expects null-terminated strings).

Changed in netdiscover:
assignee: jdstrand → nobody
status: Incomplete → Confirmed
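
The buffer-size point discussed in the comments above, as an added example that is not netdiscover's code: six hex digits for a three-byte MAC prefix need a seven-byte buffer so the string handed to strcmp() is NUL-terminated. The names format_oui, lookup_vendor and sample_table, and the table contents, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define OUI_HEX_LEN 6   /* three prefix bytes, two hex digits each */

/* Constructed sample table; not netdiscover's OUI data. */
struct oui_entry { const char *prefix; const char *vendor; };
static const struct oui_entry sample_table[] = {
    { "02AB00", "Example Vendor A" },
    { "AABBCC", "Example Vendor B" },
    { NULL, NULL }
};

/* Format the first three bytes of mac as upper-case hex.
 * out must hold OUI_HEX_LEN + 1 bytes: six digits plus the NUL that
 * strcmp() relies on. Returns 0 on success, -1 if out is too small. */
int format_oui(const unsigned char mac[6], char *out, size_t outlen)
{
    /* snprintf never writes past outlen and returns the length it needed */
    int n = snprintf(out, outlen, "%02X%02X%02X", mac[0], mac[1], mac[2]);
    if (n != OUI_HEX_LEN || (size_t)n >= outlen)
        return -1;      /* truncated: a 6-byte buffer ends up here */
    return 0;
}

/* Hypothetical lookup: compares the formatted prefix against the table. */
const char *lookup_vendor(const unsigned char mac[6])
{
    char tmac[OUI_HEX_LEN + 1];   /* 7 bytes, not 6 */
    if (format_oui(mac, tmac, sizeof tmac) != 0)
        return "Unknown vendor";
    for (size_t i = 0; sample_table[i].prefix != NULL; i++)
        if (strcmp(sample_table[i].prefix, tmac) == 0)
            return sample_table[i].vendor;
    return "Unknown vendor";
}

int main(void)
{
    /* constructed MAC address */
    const unsigned char mac[6] = { 0xAA, 0xBB, 0xCC, 0x01, 0x02, 0x03 };
    printf("%s\n", lookup_vendor(mac));
    return 0;
}
```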
Eriberto (eriberto) wrote :

Hi,

I am the new maintainer of netdiscover in Debian.

I am closing this bug, already fixed in a previous version/revision.

Regards,

Eriberto

Changed in netdiscover (Ubuntu):
status: Confirmed → Fix Released