Libnids TCP Packet Reassembly Memory Corruption Vulnerability

Solution:
Libnids 1.18 has been released and addresses this issue. Users are advised to upgrade as soon as possible. It should be noted that applications that were statically linked to a vulnerable version of Libnids will not be fixed by this upgrade. The application will have to be re-linked to an invulnerable version of the library.

Gentoo has released an advisory (200311-07) to address this issue, Gentoo have advised that all Gentoo Linux users who are running 'net-libs/libnids' to update their systems using the following commands:

emerge sync
emerge '>=net-libs/libnids-1.18'
emerge clean

Conectiva has released a security advisory (CLA-2003:773) containing fixes to address this issue.

Debian has released an advisory (DSA 410-1) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


Rafal Wojtczuk Libnids 1.11

Rafal Wojtczuk Libnids 1.12

Rafal Wojtczuk Libnids 1.13

Rafal Wojtczuk Libnids 1.14

Rafal Wojtczuk Libnids 1.16

Rafal Wojtczuk Libnids 1.17

Dug Song dsniff 2.3


 

Privacy Statement
Copyright 2010, SecurityFocus