Libnids: remote code execution vulnerability — GLSA 200311-08

Libnids contains a bug which could allow remote code execution.

Affected packages

Package 	net-libs/libnids on all architectures
Affected versions 	<= 1.17
Unaffected versions 	>= 1.18

Background

Libnids is a component of a network intrusion detection system.

Description

There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution.

Impact

A remote attacker could possibly execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

It is recommended that all Gentoo Linux users who are running net-libs/libnids update their systems as follows:

 # emerge sync
 # emerge -pv '>=net-libs/libnids-1.18'
 # emerge '>=net-libs/libnids-1.18'
 # emerge clean

References

    CAN-2003-0850