Bug 48816 (CVE-2003-0850) - VUL-0: CVE-2003-0850: buffer overflow in libnids
Summary: VUL-0: CVE-2003-0850: buffer overflow in libnids
Status: RESOLVED INVALID
Alias: CVE-2003-0850
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0850: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-01-06 22:33 UTC by Petr Ostadal
Modified: 2021-10-04 08:27 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Ostadal 2004-01-06 22:33:14 UTC 
A vulnerability was discovered in libnids, a library used to analyze IP network
traffic, whereby a carefully crafted TCP datagram could cause memory corruption
and potentially execute arbitrary code with the privileges of the user executing
a program which uses libnids (such as dsniff).

Can I make security fix for this package?
Comment 1 Petr Ostadal 2004-01-06 22:33:14 UTC 
<!-- SBZ_reproduce  -->
see Debian Security Advisory - http://www.debian.org/security/2004/dsa-410

In Mitre's CVE dictionary: CAN-2003-0850
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850)
Comment 2 Petr Ostadal 2004-01-06 23:06:18 UTC 
My mistake, I have fixed it 2 month ago ;)
Comment 3 Thomas Biege 2009-10-13 19:43:44 UTC 
CVE-2003-0850: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)