Libnids TCP Reassembly Module Overflow

2003-10-28T06:04:25
ID OSVDB:2716
Type osvdb
Reporter Robert Watson(rwatson@FreeBSD.org)
Modified 2003-10-28T06:04:25

Description

Vulnerability Description

Libnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary privileges as root.

Solution Description

Upgrade to version 1.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Libnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary privileges as root.

References:

Vendor URL: http://libnids.sourceforge.net Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:10076 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0257.html ISS X-Force ID: 13525 CVE-2003-0850 Bugtraq ID: 8905