]>
Commit | Line | Data |
---|---|---|
aa58fbfe VB |
1 | --- |
2 | title: Security | |
3 | --- | |
4 | ||
5 | `lldpd` contains several security features to mitigate vulnerabilities | |
6 | (privilege separation, chrooted process, …). If you wish to report a | |
7 | security issue, either open an [issue on GitHub][] or [mail me][] | |
8 | directly. | |
9 | ||
10 | # Past vulnerabilities | |
11 | ||
d436b636 | 12 | * [CVE-2020-27827][]: memory exhaustion attack through crafted LLDPU |
fcf94eb0 VB |
13 | with duplicate TLVs. A remote device can send LLDPU with a |
14 | duplicate port description, system name, or system description TLV | |
15 | and trigger a memory leak. The vulnerability does not allow | |
16 | arbitrary code execution. This bug is present since the initial | |
50ee6724 VB |
17 | release. It has been fixed in commits [a8d3c90f][] (1.0.8), and |
18 | [7d60bf30][] (1.0.9) | |
d436b636 | 19 | |
aa58fbfe VB |
20 | * [CVE-2015-8011][]: buffer overflow when handling management address |
21 | TLV for LLDP. When a remote device was advertising a too large | |
22 | management address while still respecting TLV boundaries, lldpd | |
23 | would crash due to a buffer overflow. This vulnerability affects | |
24 | the parser which is run in an unprivileged and chrooted | |
25 | process. It does not allow arbitrary code execution | |
26 | unless hardening has been specifically disabled. This bug has been | |
27 | introduced in version 0.6.0. It has been fixed in commit | |
28 | [dd4f16e7][] and in version 0.7.19. | |
29 | ||
30 | * [CVE-2015-8012][]: crash on malformed management address. When a | |
31 | remote device was advertising a malformed management address, lldpd | |
32 | would crash with an assertion error. This vulnerability affects the | |
33 | parser which is run in an unprivileged and chrooted process. It | |
34 | does not allow arbitrary code execution. This bug has been | |
35 | introduced in version 0.6.0. It has been fixed in commit | |
36 | [793526f8][] and in version 0.7.19. | |
37 | ||
aaa57e6d | 38 | [issue on GitHub]: https://github.com/lldpd/lldpd/issues/new |
4d5fba58 | 39 | [mail me]: mailto:vincent@bernat.ch |
aa58fbfe VB |
40 | [CVE-2015-8011]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8011 |
41 | [CVE-2015-8012]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8012 | |
d436b636 | 42 | [CVE-2020-27827]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27827 |
aaa57e6d VB |
43 | [dd4f16e7]: https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2 |
44 | [793526f8]: https://github.com/lldpd/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00 | |
d436b636 | 45 | [a8d3c90f]: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61 |
50ee6724 | 46 | [7d60bf30]: https://github.com/lldpd/lldpd/commit/7d60bf30effc4c88f17f3d58ecaa72479f16d4be |
aa58fbfe VB |
47 | |
48 | {# Local Variables: #} | |
49 | {# mode: markdown #} | |
50 | {# indent-tabs-mode: nil #} | |
51 | {# End: #} |