CVE-2015-8011: Buffer Overflow
First published: Thu Oct 15 2015(Updated: )
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openvswitch2.13 | <0:2.13.0-62.el7fd | 0:2.13.0-62.el7fd |
| redhat/openvswitch2.11 | <0:2.11.3-77.el7fd | 0:2.11.3-77.el7fd |
| redhat/openvswitch | <0:2.9.9-1.el7fd | 0:2.9.9-1.el7fd |
| redhat/openvswitch2.13 | <0:2.13.0-71.el8fd | 0:2.13.0-71.el8fd |
| redhat/openvswitch2.11 | <0:2.11.3-74.el8fd | 0:2.11.3-74.el8fd |
| redhat/openvswitch2.13 | <0:2.13.0-72.el8fd | 0:2.13.0-72.el8fd |
| redhat/openvswitch-selinux-extra-policy | <0:1.0-17.el7fd | 0:1.0-17.el7fd |
| redhat/ovn2.11 | <0:2.11.1-57.el7fd | 0:2.11.1-57.el7fd |
| redhat/ovn2.11 | <0:2.11.1-56.el7fd | 0:2.11.1-56.el7fd |
| redhat/redhat-virtualization-host | <0:4.3.12-20201216.0.el7_9 | 0:4.3.12-20201216.0.el7_9 |
| redhat/redhat-virtualization-host | <0:4.4.3-20201210.0.el8_3 | 0:4.4.3-20201210.0.el8_3 |
| redhat/rhvm-appliance | <0:4.4-20210310.0.el8e | 0:4.4-20210310.0.el8e |
| debian/lldpd | 1.0.3-1 1.0.3-1+deb10u2 1.0.11-1+deb11u2 1.0.16-1+deb12u1 1.0.17-1 | |
| debian/openvswitch | 2.10.7+ds1-0+deb10u1 2.10.7+ds1-0+deb10u4 2.15.0+ds1-2+deb11u4 3.1.0-2 3.2.0-2 | |
| Lldpd Project Lldpd | >=0.5.6<0.8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =33 | |
| redhat/lldpd | <0.8.0 | 0.8.0 |
| : Siemens SIMATIC HMI Unified Comfort Panels | <17 | 17 |
| : Siemens SIMATIC NET CP 1542SP-1 (6GK7542-6UX00-0XE0) | ||
| : Siemens SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants) (6GK7243-8RX30-0XE0) | ||
| : Siemens SIMATIC NET CP 1543-1 (incl. SIPLUS variants) | ||
| : Siemens SIMATIC NET CP 1543SP-1 (incl. SIPLUS variants) | ||
| : Siemens SIMATIC NET CP 1545-1 (6GK7545-1GX00-0XE0) | <1.1 | 1.1 |
Remedy
When the lldpd source is compiled with source fortification enabled, the flaw becomes unexploitable and will just cause a crash.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2015-8011 https://nvd.nist.gov/vuln/detail/CVE-2015-8011 http://www.openwall.com/lists/oss-security/2015/10/16/2 http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1896536
- https://access.redhat.com/errata/RHBA-2020:5306
- https://access.redhat.com/errata/RHBA-2020:5307
- https://access.redhat.com/errata/RHSA-2021:2077
- https://access.redhat.com/errata/RHBA-2020:5310
- https://access.redhat.com/errata/RHBA-2020:5311
- https://access.redhat.com/errata/RHSA-2020:5615
- https://access.redhat.com/errata/RHSA-2021:2205
- https://access.redhat.com/errata/RHSA-2021:0931
- https://access.redhat.com/errata/RHSA-2021:0028
- https://access.redhat.com/errata/RHSA-2020:5611
- https://access.redhat.com/errata/RHSA-2021:0988
- https://access.redhat.com/security/cve/cve-2015-8011
- https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
- https://www.openwall.com/lists/oss-security/2015/10/16/2
- https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html
- https://mail.openvswitch.org/pipermail/ovs-dev/2020-November/377394.html
- https://github.com/openvswitch/ovs/commit/bb5a9937fa8e04e71052fb50e23894448d19678f
- https://security-tracker.debian.org/tracker/CVE-2015-8011
- http://www.openwall.com/lists/oss-security/2015/10/16/2
- http://www.openwall.com/lists/oss-security/2015/10/30/2
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
- https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
- https://www.debian.org/security/2021/dsa-4836
- https://access.redhat.com/blogs/766093/posts/3606481
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1899303
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1899304
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1899305
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-194-07 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8011
- agent/software-canonical-lookup
- agent/event
- agent/severity
- agent/references
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- package-manager/debian
- vendor/lldpd project
- canonical/lldpd project lldpd
- version/lldpd project lldpd/0.5.6
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/: siemens
- canonical/: siemens simatic hmi unified comfort panels
- canonical/: siemens simatic net cp 1542sp-1 (6gk7542-6ux00-0xe0)
- canonical/: siemens simatic net cp 1542sp-1 irc (incl. siplus variants) (6gk7243-8rx30-0xe0)
- canonical/: siemens simatic net cp 1543-1 (incl. siplus variants)
- canonical/: siemens simatic net cp 1543sp-1 (incl. siplus variants)
- canonical/: siemens simatic net cp 1545-1 (6gk7545-1gx00-0xe0)