Vulnerability Description
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dug Song | Dsniff | 2.3 |
| Rafal Wojtczuk | Libnids | 1.11 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773
- http://marc.info/?l=bugtraq&m=106728224210446&w=2
- http://secunia.com/advisories/10543
- http://sourceforge.net/project/shownotes.php?release_id=191323Vendor Advisory
- http://www.debian.org/security/2004/dsa-410PatchVendor Advisory
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773
- http://marc.info/?l=bugtraq&m=106728224210446&w=2
- http://secunia.com/advisories/10543
- http://sourceforge.net/project/shownotes.php?release_id=191323Vendor Advisory
- http://www.debian.org/security/2004/dsa-410PatchVendor Advisory
FAQ
What is CVE-2003-0850?
CVE-2003-0850 is a vulnerability with a CVSS score of 7.5 (HIGH). The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
How severe is CVE-2003-0850?
CVE-2003-0850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0850?
Check the references section above for vendor advisories and patch information. Affected products include: Dug Song Dsniff, Rafal Wojtczuk Libnids.