Libnids: remote code execution vulnerability — GLSA 200311-08

Libnids contains a bug which could allow remote code execution.

Affected Packages

net-libs/libnids on all architectures
Affected versions <= 1.17
Unaffected versions >= 1.18

Background

Libnids is a component of a network intrusion detection system.

Description

There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution.

Impact

A remote attacker could possibly execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows:

 # emerge sync
 # emerge -pv '>=net-libs/libnids-1.18'
 # emerge '>=net-libs/libnids-1.18'
 # emerge clean

References

Release Date
November 22, 2003

Latest Revision
November 22, 2003: 01

Severity
normal

Exploitable
remote

Bugzilla entries