Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 5 Jan 2004 18:17:07 -0800
Message-id: <[🔎] 20040106021707.GA27296@alcor.net>
Reply-to: Matt Zimmerman <mdz@debian.org>, 226356@bugs.debian.org

Package: libnids
Severity: grave

"The TCP reassembly functionality in libnids before 1.18 allows remote
attackers to cause "memory corruption" and possibly execute arbitrary code
via "overlarge TCP packets."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850

An update to version 1.18 should be sufficient to correct the problem.

I am copying dsniff@packages.debian.org, since that is the only reverse
dependency.  This package is orphaned and could be removed if this bug is
not fixed.

-- System Information:
Debian Release: unstable
Architecture: i386
Kernel: Linux mizar 2.4.22-deb5-evms2.1.1-skas3-1 #1 Mon Dec 22 14:08:31 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US


-- 
 - mdz

Reply to:

Follow-Ups:
- Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
  - From: Steve Kemp <skx@debian.org>
- Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
  - From: Colin Watson <cjwatson@debian.org>
- Bug#226356: marked as done (Buffer overflow vulnerability (CAN-2003-0850))
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: retitle 112616 to gtkfind for HURD
Next by Date: Processed: tag 226241 + patch
Previous by thread: Processed: retitle 112616 to gtkfind for HURD
Next by thread: Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
Index(es):
- Date
- Thread