Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:773

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51476

Kategorie: Conectiva Local Security Checks

Titel: Conectiva Security Advisory CLA-2003:773

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory CLA-2003:773.

Libnids[1] is an implementation of an E-component of Network
Intrusion Detection Systems. It emulates the IP stack of the Linux
kernel 2.0.x.

Robert Watson found a buffer overflow vulnerability in the code
responsible for TCP reassembly of libnids. A remote attacker may
potentially exploit this vulnerability to execute arbitrary code in
the context of the application using this functionality of libnids.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0850[2] to this issue.

The problem has been fixed in libnids 1.18[3], which is included with
this update. Also included with this update are new packages of
dsniff, the only project which uses libnids in Conectiva Linux.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://libnids.sourceforge.net
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0850
http://sourceforge.net/project/shownotes.php?release_id=191323
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:773
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : High

CVSS Score:
7.5

Querverweis: BugTraq ID: 8905
Common Vulnerability Exposure (CVE) ID: CVE-2003-0850
Bugtraq: 20031027 Libnids <= 1.17 buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=106728224210446&w=2
Conectiva Linux advisory: CLA-2003:773
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773
Debian Security Information: DSA-410 (Google Search)
http://www.debian.org/security/2004/dsa-410
http://secunia.com/advisories/10543

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51476
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLA-2003:773
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLA-2003:773. Libnids[1] is an implementation of an E-component of Network Intrusion Detection Systems. It emulates the IP stack of the Linux kernel 2.0.x. Robert Watson found a buffer overflow vulnerability in the code responsible for TCP reassembly of libnids. A remote attacker may potentially exploit this vulnerability to execute arbitrary code in the context of the application using this functionality of libnids. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0850[2] to this issue. The problem has been fixed in libnids 1.18[3], which is included with this update. Also included with this update are new packages of dsniff, the only project which uses libnids in Conectiva Linux. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://libnids.sourceforge.net http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0850 http://sourceforge.net/project/shownotes.php?release_id=191323 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:773 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Querverweis:	BugTraq ID: 8905 Common Vulnerability Exposure (CVE) ID: CVE-2003-0850 Bugtraq: 20031027 Libnids <= 1.17 buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=106728224210446&w=2 Conectiva Linux advisory: CLA-2003:773 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773 Debian Security Information: DSA-410 (Google Search) http://www.debian.org/security/2004/dsa-410 http://secunia.com/advisories/10543
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com