From Secunia ($URL): Description A vulnerability has been reported in Libnids, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in src/ip_fragment.c, which can be exploited to crash an application using the library by sending specially crafted network traffic. The vulnerability is reported in versions prior to 1.24.
netmon: Please bump
That's in the tree. Arch teams, please test (maybe with net-analyzer/dsniff) and mark stable: =net-libs/libnids-1.24 Target KEYWORDS="alpha amd64 ppc sparc x86"
I tested net-libs/libnids-1.24 and net-analyzer/dsniff-2.4_beta1-r4 (current stable depends on an older libnids...) on x86. They both seem to be ok.
x86 stable, thanks Andreas
Stable on amd64
CVE-2010-0751 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0751): The ip_evictor function in ip_fragment.c in libnids 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.
ppc done
alpha/sparc stable
GLSA Vote: no.
Old and DoS only so GLSA Vote: no -> Closing. Feel free to reopen if you disagree.