GLSA 200311-08: Libnids: remote code execution vulnerability

Severity:normal
Title:Libnids: remote code execution vulnerability
Date:11/22/2003
Bugs: #32724
ID:200311-08

Synopsis

Libnids contains a bug which could allow remote code execution.

Background

Libnids is a component of a network intrusion detection system.

Affected packages

Package Vulnerable Unaffected Architecture(s)
net-libs/libnids <= 1.17 >= 1.18 All supported architectures

Description

There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution.

Impact

A remote attacker could possibly execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows:

    # emerge sync
    # emerge -pv '>=net-libs/libnids-1.18'
    # emerge '>=net-libs/libnids-1.18'
    # emerge clean

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200311-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Thank you!