Libnids TCP包重组内存破坏漏洞

漏洞信息详情

Libnids TCP包重组内存破坏漏洞

• CNNVD编号：CNNVD-200311-052
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0850
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2003-10-15
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  dug_song
• 漏洞来源：
  Robert Watson※ rwa…

Libnids是一款NIDS功能实现库。
Libnids在处理TCP重组的时候缺少正确的缓冲区边界检查，远程攻击者可以利用这个漏洞进行缓冲区溢出攻击。
Libnids提供IP分片，TCP流重组和端口扫描检测等功能，Libnids在处理过大的TCP包时存在问题，可导致发送恶意TCP包使使用Libnids TCP包重组功能的应用程序崩溃，精心提供恶意数据可能以应用程序进程在系统上执行任意指令。

厂商补丁：
Conectiva
———
Conectiva已经为此发布了一个安全公告(CLA-2003:773)以及相应补丁:

CLA-2003:773：libnids

链接：http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000773” target=”_blank”>
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000773

补丁下载：

Conectiva Upgrade libnids-1.18-1U70_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-1U70_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-devel-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-1U70_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-devel-static-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-1.18-1U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-1U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-devel-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-1U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-devel-static-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-1.18-8448U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-1.18-8448U90_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-8448U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-devel-1.18-8448U90_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-8448U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-devel-static-1.18-8448U90_1cl.i386.rpm

Dug Song dsniff 2.3:

Conectiva Upgrade dsniff-2.3-4U70_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/dsniff-2.3-4U70_1cl.i386.rpm

Conectiva Upgrade dsniff-2.3-7U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/dsniff-2.3-7U80_1cl.i386.rpm

Conectiva Upgrade dsniff-webspy-2.3-7U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/dsniff-webspy-2.3-7U80_1cl.i386.rpm

Conectiva Upgrade dsniff-2.3-24591U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/dsniff-2.3-24591U90_1cl.i386.rpm

Conectiva Upgrade dsniff-webspy-2.3-24591U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/dsniff-webspy-2.3-24591U90_1cl.i386.rpm
Rafal Wojtczuk
————–
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Rafal Wojtczuk Upgrade Libnids 1.18

https://sourceforge.net/project/showfiles.php?group_id=92215” target=”_blank”>https://sourceforge.net/project/showfiles.php?group_id=92215

来源: DEBIAN
名称: DSA-410
链接:http://www.debian.org/security/2004/dsa-410

来源: BUGTRAQ
名称: 20031027 Libnids <= 1.17 buffer overflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106728224210446&w=2

来源: sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=191323

来源: SECUNIA
名称: 10543
链接:http://secunia.com/advisories/10543

来源: CONECTIVA
名称: CLA-2003:773
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773