Bug 61411

Summary: CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
Product: [Retired] Red Hat Linux
Reporter: Henning Schmiedehausen <hps>
Component: ppp
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 7.1
CC: kmaraas
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2003-12-12 09:19:01 UTC Type: ---

Description Henning Schmiedehausen 2002-03-19 10:31:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib 

Version-Release number of selected component (if applicable):
2.3.11-4

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump

Actual Results:  /usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)


Expected Results:  ppp should not be linked to a (stone age) zlib which is
vulnerable to the overflow bug

Additional info:

Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                            Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Tue Mar  7 16:25:02 2000
Install date: Wed Nov  1 19:26:18 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                           License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
Description :
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support.  The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
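
The kind of check run in the reproduction steps, as an added example (not Florian Weimer's scanner and not part of the original report): it searches a binary for the DEFLATE base-length table from RFC 1951, which an inflate implementation such as zlib has to carry, and reports the offset and byte order of each copy. The 16- and 32-bit storage widths, the function names and the sample image are assumptions; a hit shows an embedded decoder but does not by itself identify the zlib version.

```python
import struct
import sys

# Base match lengths for DEFLATE length codes 257..285 (RFC 1951, section 3.2.5).
# An inflate implementation needs this table, so finding it inside a binary
# points to a compiled-in copy of zlib or another DEFLATE decoder.
LENGTH_BASE = [3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
               35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258]

# Assumption: the table is stored as consecutive 16- or 32-bit integers.
ENCODINGS = {
    "32-bit little endian": "<%dI",
    "32-bit big endian": ">%dI",
    "16-bit little endian": "<%dH",
    "16-bit big endian": ">%dH",
}


def constructed_sample():
    """Constructed image: 64 bytes of header/padding, then the table (32-bit LE)."""
    table = struct.pack("<%dI" % len(LENGTH_BASE), *LENGTH_BASE)
    return b"\x7fELF" + b"\x00" * 60 + table + b"\x00" * 8


def find_length_tables(data):
    """Return sorted (offset, encoding) pairs for every table copy in data."""
    hits = []
    for name, fmt in ENCODINGS.items():
        needle = struct.pack(fmt % len(LENGTH_BASE), *LENGTH_BASE)
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(needle, pos + 1)
    return sorted(hits)


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan each file.
    targets = sys.argv[1:] or [None]
    for path in targets:
        label = path or "<constructed sample>"
        data = open(path, "rb").read() if path else constructed_sample()
        hits = find_length_tables(data)
        if not hits:
            print("%s: no DEFLATE length table found" % label)
        for offset, name in hits:
            print("%s: DEFLATE length table at 0x%x (%s)" % (label, offset, name))
```

The final entry, 258, is the only value wider than one byte, which is what lets the search tell a little-endian table from a big-endian one at a shifted offset.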

Comment 1 Kjartan Maraas 2003-04-02 22:55:12 UTC
Either this should be moved to a newer (supported) product or closed as fixed I
think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.

Comment 2 Mark J. Cox 2003-04-23 12:57:32 UTC
Issue affects Red Hat Linux 7.1