[thirdparty/lldpd.git] / content / security.html

---
title: Security
---

`lldpd` contains several security features to mitigate vulnerabilities
(privilege separation, chrooted process, …). If you wish to report a
security issue, either open an [issue on GitHub][] or [mail me][]
directly.

# Past vulnerabilities

 * [CVE-2020-27827][]: memory exhaustion attack through crafted LLDPU
   with some duplicate TLVs. A remote device can send LLDPU with a
   duplicate port description, system name, or system description TLV.
   The vulnerability does not allow arbitrary code execution. This bug
   is present since the initial release. It has been fixed in commit
   [a8d3c90f][] and in version 1.0.8.

 * [CVE-2015-8011][]: buffer overflow when handling management address
   TLV for LLDP. When a remote device was advertising a too large
   management address while still respecting TLV boundaries, lldpd
   would crash due to a buffer overflow. This vulnerability affects
   the parser which is run in an unprivileged and chrooted
   process. It does not allow arbitrary code execution
   unless hardening has been specifically disabled. This bug has been
   introduced in version 0.6.0. It has been fixed in commit
   [dd4f16e7][] and in version 0.7.19.

 * [CVE-2015-8012][]: crash on malformed management address. When a
   remote device was advertising a malformed management address, lldpd
   would crash with an assertion error. This vulnerability affects the
   parser which is run in an unprivileged and chrooted process. It
   does not allow arbitrary code execution. This bug has been
   introduced in version 0.6.0. It has been fixed in commit
   [793526f8][] and in version 0.7.19.

[issue on GitHub]: https://github.com/lldpd/lldpd/issues/new
[mail me]: mailto:vincent@bernat.ch
[CVE-2015-8011]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011
[CVE-2015-8012]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012
[CVE-2020-27827]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827
[dd4f16e7]: https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
[793526f8]: https://github.com/lldpd/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
[a8d3c90f]: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61

{# Local Variables:      #}
{# mode: markdown        #}
{# indent-tabs-mode: nil #}
{# End:                  #}
Commit	Line	Data
aa58fbfe VB	1	---
	2	title: Security
	3	---
	4
	5	`lldpd` contains several security features to mitigate vulnerabilities
	6	(privilege separation, chrooted process, …). If you wish to report a
	7	security issue, either open an [issue on GitHub][] or [mail me][]
	8	directly.
	9
	10	# Past vulnerabilities
	11
d436b636 VB	12	* [CVE-2020-27827][]: memory exhaustion attack through crafted LLDPU
	13	with some duplicate TLVs. A remote device can send LLDPU with a
	14	duplicate port description, system name, or system description TLV.
	15	The vulnerability does not allow arbitrary code execution. This bug
	16	is present since the initial release. It has been fixed in commit
	17	[a8d3c90f][] and in version 1.0.8.
	18
aa58fbfe VB	19	* [CVE-2015-8011][]: buffer overflow when handling management address
	20	TLV for LLDP. When a remote device was advertising a too large
	21	management address while still respecting TLV boundaries, lldpd
	22	would crash due to a buffer overflow. This vulnerability affects
	23	the parser which is run in an unprivileged and chrooted
	24	process. It does not allow arbitrary code execution
	25	unless hardening has been specifically disabled. This bug has been
	26	introduced in version 0.6.0. It has been fixed in commit
	27	[dd4f16e7][] and in version 0.7.19.
	28
	29	* [CVE-2015-8012][]: crash on malformed management address. When a
	30	remote device was advertising a malformed management address, lldpd
	31	would crash with an assertion error. This vulnerability affects the
	32	parser which is run in an unprivileged and chrooted process. It
	33	does not allow arbitrary code execution. This bug has been
	34	introduced in version 0.6.0. It has been fixed in commit
	35	[793526f8][] and in version 0.7.19.
	36
aaa57e6d	37	[issue on GitHub]: https://github.com/lldpd/lldpd/issues/new
4d5fba58	38	[mail me]: mailto:vincent@bernat.ch
aa58fbfe VB	39	[CVE-2015-8011]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011
aa58fbfe VB	40	[CVE-2015-8012]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012
d436b636	41	[CVE-2020-27827]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827
aaa57e6d VB	42	[dd4f16e7]: https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
aaa57e6d VB	43	[793526f8]: https://github.com/lldpd/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
d436b636	44	[a8d3c90f]: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
aa58fbfe VB	45
	46	{# Local Variables: #}
	47	{# mode: markdown #}
	48	{# indent-tabs-mode: nil #}
	49	{# End: #}