FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lldpd -- Buffer overflow/Denial of service

Affected packages
0.5.6 <= lldpd < 0.7.19

Details

VuXML ID 2a4a112a-7c1b-11e5-bd77-0800275369e2
Discovery 2015-10-04
Entry 2015-10-26
Modified 2015-11-10

The lldpd developer Vincent Bernat reports:

A buffer overflow may allow arbitrary code execution only if hardening was disabled.

Malformed packets should not make lldpd crash. Ensure we can handle them by not using assert() in this part.

References

CVE Name CVE-2015-8011
CVE Name CVE-2015-8012
URL http://www.openwall.com/lists/oss-security/2015/10/30/2
URL https://github.com/vincentbernat/lldpd/raw/0.7.19/NEWS