Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
On Mon, Jan 05, 2004 at 06:17:07PM -0800, Matt Zimmerman wrote:
> Package: libnids
> Severity: grave
>
> "The TCP reassembly functionality in libnids before 1.18 allows remote
> attackers to cause "memory corruption" and possibly execute arbitrary code
> via "overlarge TCP packets."
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850
>
> An update to version 1.18 should be sufficient to correct the problem.
>
> I am copying dsniff@packages.debian.org, since that is the only reverse
> dependency. This package is orphaned and could be removed if this bug is
> not fixed.
I maintain dsniff - and will adopt libnids and upload a more recent
version shortly.
I've retitled #188171 to reflect this, although the cotrol address
seems to be a little bit slow today.
Steve
--
Reply to: