ID: OSVDB:2716
Type: osvdb
Reporter: Robert Watson (rwatson@FreeBSD.org)
Modified: 2003-10-28T06:04:25
Description
Vulnerability Description
Libnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary code as root.
Solution Description
Upgrade to version 1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"title": "Libnids TCP Reassembly Module Overflow ", "published": "2003-10-28T06:04:25", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.9, "vector": "NONE", "modified": "2017-04-28T13:19:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0850"]}, {"type": "gentoo", "idList": ["GLSA-200311-08"]}, {"type": "openvas", "idList": ["OPENVAS:53110", "OPENVAS:54507"]}, {"type": "debian", "idList": ["DEBIAN:DSA-410-1:822F2"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-410.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:5307"]}, {"type": "suse", "idList": ["SUSE-SA:2003:044"]}], "modified": "2017-04-28T13:19:57", "rev": 2}, "vulnersScore": 7.9}, "cvelist": ["CVE-2003-0850"], "viewCount": 2, "affectedSoftware": [{"version": "1.1", "name": "Libnids", "operator": "eq"}, {"version": "1.14", "name": "Libnids", "operator": "eq"}, {"version": "1.16", "name": "Libnids", "operator": "eq"}, {"version": "1.12", "name": "Libnids", "operator": "eq"}, {"version": "1.13", "name": "Libnids", "operator": "eq"}, {"version": "1.17", "name": "Libnids", "operator": "eq"}, {"version": "1.11", "name": "Libnids", "operator": "eq"}], "id": "OSVDB:2716", "modified": "2003-10-28T06:04:25", "href": "https://vulners.com/osvdb/OSVDB:2716", "edition": 1, "description": "## Vulnerability Description\nLibnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary privileges as root.\n## Solution Description\nUpgrade to version 1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLibnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. 
If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary privileges as root.\n## References:\nVendor URL: http://libnids.sourceforge.net\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-410)\n[Vendor Specific Advisory URL](http://sourceforge.net/project/shownotes.php?release_id=191323)\n[Secunia Advisory ID:10076](https://secuniaresearch.flexerasoftware.com/advisories/10076/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0257.html\nISS X-Force ID: 13525\n[CVE-2003-0850](https://vulners.com/cve/CVE-2003-0850)\nBugtraq ID: 8905\n", "bulletinFamily": "software", "reporter": "Robert Watson(rwatson@FreeBSD.org)", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "lastseen": "2017-04-28T13:19:57"}
{"cve": [{"lastseen": "2021-02-02T05:22:09", "description": "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\"", "edition": 4, "cvss3": {}, "published": "2003-11-17T05:00:00", "title": "CVE-2003-0850", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0850"], "modified": "2016-10-18T02:38:00", "cpe": ["cpe:/a:rafal_wojtczuk:libnids:1.17", "cpe:/a:rafal_wojtczuk:libnids:1.13", "cpe:/a:rafal_wojtczuk:libnids:1.12", "cpe:/a:rafal_wojtczuk:libnids:1.14", "cpe:/a:rafal_wojtczuk:libnids:1.11", "cpe:/a:rafal_wojtczuk:libnids:1.16", "cpe:/a:dug_song:dsniff:2.3"], "id": "CVE-2003-0850", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0850", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:rafal_wojtczuk:libnids:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:rafal_wojtczuk:libnids:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:rafal_wojtczuk:libnids:1.17:*:*:*:*:*:*:*", "cpe:2.3:a:rafal_wojtczuk:libnids:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:rafal_wojtczuk:libnids:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:dug_song:dsniff:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rafal_wojtczuk:libnids:1.14:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0850"], "description": "### Background\n\nLibnids is a component of a network intrusion detection system. 
\n\n### Description\n\nThere is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nIt is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows: \n \n \n # emerge sync\n # emerge -pv '>=net-libs/libnids-1.18'\n # emerge '>=net-libs/libnids-1.18'\n # emerge clean", "edition": 1, "modified": "2003-11-22T00:00:00", "published": "2003-11-22T00:00:00", "id": "GLSA-200311-08", "href": "https://security.gentoo.org/glsa/200311-08", "type": "gentoo", "title": "Libnids: remote code execution vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0850"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200311-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54507", "href": "http://plugins.openvas.org/nasl.php?oid=54507", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200311-08 (Libnids)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libnids contains a bug which could allow remote code execution.\";\ntag_solution = \"It is recommended that all Gentoo Linux users who are running\nnet-libs/libnids update their systems as follows:\n\n # emerge sync\n # emerge -pv '>=net-libs/libnids-1.18'\n # emerge '>=net-libs/libnids-1.18'\n # emerge clean\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200311-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=32724\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200311-08.\";\n\n \n\nif(description)\n{\n script_id(54507);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(8905);\n script_cve_id(\"CVE-2003-0850\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200311-08 (Libnids)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-libs/libnids\", unaffected: make_list(\"ge 1.18\"), vulnerable: make_list(\"le 1.17\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0850"], "description": "The remote host is missing an update to libnids\nannounced via advisory DSA 410-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53110", "href": "http://plugins.openvas.org/nasl.php?oid=53110", "type": "openvas", "title": "Debian Security Advisory DSA 410-1 (libnids)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_410_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 410-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.16-3woody1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you update your libnids package.\";\ntag_summary = \"The remote host is missing an update to libnids\nannounced via advisory DSA 410-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20410-1\";\n\nif(description)\n{\n script_id(53110);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:41:51 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(8905);\n script_cve_id(\"CVE-2003-0850\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 410-1 (libnids)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnids-dev\", ver:\"1.16-3woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnids1\", ver:\"1.16-3woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0850"], "description": "Hello,\r\n Libnids is a library which implements the functionality of NIDS\r\nE-component. Libnids provides IP defragmentation, TCP stream reassembly and\r\nport scan detection.\r\n Robert Watson <rwatson@FreeBSD.org> has found a bug in the part of \r\nlibnids code responsible for TCP reassembly. The flaw probably allows for \r\nremote code execution. 
This vulnerability has been assigned a CVE name \r\nCAN-2003-0850.\r\n Applications not using libnids tcp reassembly (like scanlogd) are not \r\nvulnerable; others, like dsniff, are potentially vulnerable.\r\n All libnids versions <= 1.17 are vulnerable. Libnids 1.18, which fixes \r\nthis issue, is available at http://libnids.sourceforge.net.\r\n\r\nSave yourself,\r\nNergal", "edition": 1, "modified": "2003-10-28T00:00:00", "published": "2003-10-28T00:00:00", "id": "SECURITYVULNS:DOC:5307", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5307", "title": "Libnids <= 1.17 buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:21:52", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0850"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 410-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nJanuary 5th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libnids\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0850\n\nA vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).\n\nFor the current stable distribution (woody) this problem has been\nfixed in version 1.16-3woody1.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you update your libnids package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, 
use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2004-01-05T00:00:00", "published": "2004-01-05T00:00:00", "id": "DEBIAN:DSA-410-1:822F2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00003.html", "title": "[SECURITY] [DSA 410-1] New libnids packages fix buffer overflow", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:51:34", "description": "A vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-410-1 : libnids - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0850"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", 
"p-cpe:/a:debian:debian_linux:libnids"], "id": "DEBIAN_DSA-410.NASL", "href": "https://www.tenable.com/plugins/nessus/15247", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-410. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15247);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0850\");\n script_bugtraq_id(8905);\n script_xref(name:\"DSA\", value:\"410\");\n\n script_name(english:\"Debian DSA-410-1 : libnids - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-410\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) this problem has been\nfixed in version 1.16-3woody1.\n\nWe recommend that you update your libnids package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnids\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"libnids-dev\", reference:\"1.16-3woody1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libnids1\", reference:\"1.16-3woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1562", "CVE-2003-0459", "CVE-2003-0899", "CVE-2003-0692", "CVE-2003-0850", "CVE-2003-0690"], "description": "Two vulnerabilities were found in the \"tiny\" web-server thttpd. 
The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.", "edition": 1, "modified": "2003-10-31T12:38:13", "published": "2003-10-31T12:38:13", "id": "SUSE-SA:2003:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-10/msg00009.html", "type": "suse", "title": "remote privilege escalation/ in thttpd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}