Tcpdump Protocol Four and Zero Header Length Vulnerability

Solution:
Apply this patch:

diff -r -p print-ip.orig.c print-ip.c
*** print-ip.orig.c Thu Jun 17 11:24:17 1999
--- print-ip.c Thu Jun 17 14:07:50 1999
*************** ip_print(register const u_char *bp, regi
*** 374,379 ****
--- 374,384 ----
(void)printf("truncated-ip %d", length);
return;
}
+
+ if (ip->ip_hl == 0) {
+ (void)printf("bad ip packet - header length = 0\n");
+ return;
+ }
hlen = ip->ip_hl * 4;

len = ntohs(ip->ip_len);



 

Privacy Statement
Copyright 2010, SecurityFocus