Bug 48816 (CVE-2003-0850)

Summary: VUL-0: CVE-2003-0850: buffer overflow in libnids
Product: [Novell Products] SUSE Security Incidents Reporter: Petr Ostadal <postadal>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0850: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Petr Ostadal 2004-01-06 22:33:14 UTC 
A vulnerability was discovered in libnids, a library used to analyze IP network
traffic, whereby a carefully crafted TCP datagram could cause memory corruption
and potentially execute arbitrary code with the privileges of the user executing
a program which uses libnids (such as dsniff).

Can I make security fix for this package?
Comment 1 Petr Ostadal 2004-01-06 22:33:14 UTC 
<!-- SBZ_reproduce  -->
see Debian Security Advisory - http://www.debian.org/security/2004/dsa-410

In Mitre's CVE dictionary: CAN-2003-0850
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850)
Comment 2 Petr Ostadal 2004-01-06 23:06:18 UTC 
My mistake, I have fixed it 2 month ago ;)
Comment 3 Thomas Biege 2009-10-13 19:43:44 UTC 
CVE-2003-0850: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)