First Last Prev Next    This bug is not in your last search results.
Bug 61411 - CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: ppp (Show other bugs)
7.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-03-19 05:31 EST by Henning Schmiedehausen
Modified: 2007-04-18 12:41 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-12-12 04:19:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Henning Schmiedehausen 2002-03-19 05:31:45 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib 

Version-Release number of selected component (if applicable):
2.3.11-4

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump
3.
	

Actual Results:  /usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)


Expected Results:  ppp should not be linked to a (stone age) zlib which is
vulnerable to the overflow bug

Additional info:

Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                            Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Tue Mar  7 16:25:02 2000
Install date: Wed Nov  1 19:26:18 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                           License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
Description :
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support.  The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
Comment 1 Kjartan Maraas 2003-04-02 17:55:12 EST 
Either this should be moved to a newer (supported) product or closed as fixed I
think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.
Comment 2 Mark J. Cox 2003-04-23 08:57:32 EDT 
Issue affects Red Hat Linux 7.1
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.