Summary: | <net-libs/libnids-1.24: DoS (CVE-2010-0751) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/39225/ | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 312835 |
Description
Alex Legler (RETIRED)
2010-04-01 15:38:06 UTC
netmon: Please bump That's in the tree. Arch teams, please test (maybe with net-analyzer/dsniff) and mark stable: =net-libs/libnids-1.24 Target KEYWORDS="alpha amd64 ppc sparc x86" I tested net-libs/libnids-1.24 and net-analyzer/dsniff-2.4_beta1-r4 (current stable depends on an older libnids...) on x86. They both seem to be ok. x86 stable, thanks Andreas Stable on amd64 CVE-2010-0751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0751): The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets. ppc done alpha/sparc stable GLSA Vote: no. Old and DoS only so GLSA Vote: no -> Closing. Feel free to reopen if you disagree. |