Gentoo Logo

Libnids: remote code execution vulnerability

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200311-08 / Libnids
Release Date November 22, 2003
Latest Revision November 22, 2003: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-libs/libnids <= 1.17 >= 1.18 All supported architectures

Related bugreports: #32724

Synopsis

Libnids contains a bug which could allow remote code execution.

2.  Impact Information

Background

Libnids is a component of a network intrusion detection system.

Description

There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution.

Impact

A remote attacker could possibly execute arbitrary code.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv '>=net-libs/libnids-1.18'
# emerge '>=net-libs/libnids-1.18'
# emerge clean

4.  References

Print

Page updated November 22, 2003

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.