Vulnerabilities > CVE-2015-8012 - Reachable Assertion vulnerability in Lldpd Project Lldpd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_2A4A112A7C1B11E5BD770800275369E2.NASL |
description | The lldpd developer Vincent Bernat reports : A buffer overflow may allow arbitrary code execution only if hardening was disabled. Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert() in this part. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 86620 |
published | 2015-10-28 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/86620 |
title | FreeBSD : lldpd -- Buffer overflow/Denial of service (2a4a112a-7c1b-11e5-bd77-0800275369e2) |
code |
|
References
- http://www.openwall.com/lists/oss-security/2015/10/18/2
- http://www.openwall.com/lists/oss-security/2015/10/18/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
- https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
- https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0
- https://github.com/vincentbernat/lldpd/commit/9221b5c249f9e4843f77c7f888d5705348d179c0