NI3
10-30-2003, 02:54 PM
Secunia Advisory: SA10103
Release Date: 2003-10-30
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
OS: Conectiva Linux 7.0, Conectiva Linux 8, Conectiva Linux 9
CVE reference: CAN-2003-0850
Description:
Conectiva has issued updated packages for libnids. These fix a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
For more information:
SA10076
Solution:
Updated packages:
-- Conectiva Linux 7.0 --
ftp://atualizacoes.conectiva.com...PMS/dsniff-2.3-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...S/libnids-1.18-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...ids-devel-1.18-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...el-static-1.18-1U70_1cl.i386.rpm
SRPMS:
ftp://atualizacoes.conectiva.com...RPMS/dsniff-2.3-4U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com...MS/libnids-1.18-1U70_1cl.src.rpm
-- Conectiva Linux 8 --
ftp://atualizacoes.conectiva.com...PMS/dsniff-2.3-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...iff-webspy-2.3-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...S/libnids-1.18-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...ids-devel-1.18-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...el-static-1.18-1U80_1cl.i386.rpm
SRPMS:
ftp://atualizacoes.conectiva.com...RPMS/dsniff-2.3-7U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com...MS/libnids-1.18-1U80_1cl.src.rpm
-- Conectiva Linux 9 --
ftp://atualizacoes.conectiva.com...dsniff-2.3-24591U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...webspy-2.3-24591U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...ibnids-1.18-8448U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...-devel-1.18-8448U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com...static-1.18-8448U90_1cl.i386.rpm
SRPMS:
ftp://atualizacoes.conectiva.com.../dsniff-2.3-24591U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com...libnids-1.18-8448U90_1cl.src.rpm
Other References:
SA10076
--------------------
Name: CAN-2003-0850 (under review)
Description: The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
References: BUGTRAQ:20031027 Libnids <= 1.17 buffer overflow
Phase: Assigned (20031010)
