ecki net-tools
cpe:2.3:a:net-tools_project:net-tools:*:*:*:*:*:*:*
- <= 2.10
A stack-based buffer overflow vulnerability has been identified in the net-tools package for Linux, affecting all versions through 2.10. The issue arises in the 'get_name()' function within 'interface.c', where interface labels are copied from '/proc/net/dev' into a fixed 16-byte stack buffer without proper bounds checking. This flaw could lead to arbitrary code execution or a crash. The vulnerability can be exploited without special privileges, although it does not allow for privilege escalation.
Exploitation of this vulnerability can result in a stack-based buffer overflow, potentially leading to arbitrary code execution or a crash.
The vulnerability can be reproduced by creating a '/proc/net/dev' entry with an interface alias longer than 15 bytes, which will cause a buffer overflow when the 'ifconfig' command is run. This can be done by using the 'unshare' command to create an unprivileged user namespace, mounting a temporary filesystem as '/proc', and then copying the crafted alias into '/proc/net/dev' before executing 'ifconfig'.
Users are advised to update to net-tools version 2.20 or later. For Debian 11 bullseye, this update is available in version 1.60+git20181103.0eebece-1+deb11u2.
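The bounds check that the description says is missing from the copy into the 16-byte buffer, sketched as an added example (this is not the net-tools source or its actual fix). `parse_ifname` and `IFNAME_BUF` are hypothetical names, the sample lines are constructed, and the label is assumed to be the first whitespace-delimited token up to its last ':'.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IFNAME_BUF 16   /* the 16-byte buffer size stated in the advisory */

/* Hypothetical helper, not the net-tools source. Copies the label that
 * starts one /proc/net/dev data line into name[cap].
 * Assumption: the label is the first whitespace-delimited token up to its
 * last ':' (so "eth0:1:" yields "eth0:1").
 * Returns the text after that ':' on success; NULL if the line has no
 * separator, the label is empty, or it does not fit in cap-1 bytes. */
const char *parse_ifname(const char *line, char *name, size_t cap)
{
    size_t len;

    if (line == NULL || name == NULL || cap == 0)
        return NULL;
    name[0] = '\0';                       /* defined result on every path */
    line += strspn(line, " \t");          /* skip column padding */
    len = strcspn(line, " \t\r\n");       /* length of the first token */
    while (len > 0 && line[len - 1] != ':')
        len--;                            /* back up to the last ':' */
    if (len == 0)
        return NULL;                      /* no separator: header or junk */
    len--;                                /* label length without the ':' */
    if (len == 0 || len >= cap)
        return NULL;                      /* empty or too long: reject */
    memcpy(name, line, len);              /* len < cap, so this is in bounds */
    name[len] = '\0';
    return line + len + 1;
}

int main(void)
{
    /* Constructed sample lines, not captured from a real system. */
    const char *samples[] = {
        "  eth0: 1500 12 0 0",
        "abcdefghijklmnop: 1 1 0 0",      /* 16-byte label: one too many */
    };
    char name[IFNAME_BUF];

    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", samples[i],
               parse_ifname(samples[i], name, sizeof name) ? name : "rejected");
    return 0;
}
```

Rejecting an over-long label, rather than truncating it, keeps a malformed line from being reported under a shortened name that may belong to a different interface.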