Libpcap has a buffer overflow. Libpcap uses strcpy to copy a device (interface name) to ifreq.ifr_name (16-byte buffer). The buffer can be overflowed if the program using libpcap passes a user-defined 'device' to pcap_open_live. Test: tcpdump -i `perl -e "print 'A'x1000"` This is not a big problem unless someone has made a setuid libpcap program. I'm attaching a patch that seems to fix this. (Also, it looks like pcap-dlpi.c might suffer from a similar problem.)
Created attachment 5731: Patch to fix libpcap strcpy(ifr.ifr_name, device) overflow