Red Hat Bugzilla – Bug 61411
CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
Last modified: 2007-04-18 12:41:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206
Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump
Actual Results:
/usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)
Expected Results: ppp should not be linked to a (stone age) zlib which is
vulnerable to the overflow bug
Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                            Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Tue Mar 7 16:25:02 2000
Install date: Wed Nov 1 19:26:18 2000       Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                           License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
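The "cplens table, little endian" result above points to signature matching on zlib's constant inflate tables. The sketch below is an added example, not Florian Weimer's scanner and not part of the original report: it looks for the DEFLATE length base table (RFC 1951) in a binary. The function names, the element widths tried and the sample bytes are assumptions made for illustration. A hit shows only that an inflate implementation is embedded; it does not identify the zlib version.

```python
import struct

# DEFLATE length base values for codes 257..285 (RFC 1951, section 3.2.5),
# followed by the two zero entries that pad zlib's table to 31 elements.
CPLENS = [3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
          35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0]

# Layouts the table may take in a compiled binary (assumed widths).
LAYOUTS = [
    ("32-bit little endian", "<31I"),
    ("32-bit big endian", ">31I"),
    ("16-bit little endian", "<31H"),
    ("16-bit big endian", ">31H"),
]

def find_zlib_tables(data: bytes):
    """Return sorted (offset, layout) pairs where the length table occurs."""
    hits = []
    for label, fmt in LAYOUTS:
        needle = struct.pack(fmt, *CPLENS)
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, label))
            pos = data.find(needle, pos + 1)
    return sorted(hits)

def scan_file(path: str):
    """Scan one file on disk, e.g. a statically linked executable."""
    with open(path, "rb") as fh:
        return find_zlib_tables(fh.read())

def constructed_sample() -> bytes:
    """Constructed test input: 64 filler bytes, the table, 16 filler bytes."""
    return b"\xaa" * 64 + struct.pack("<31I", *CPLENS) + b"\xff" * 16

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        for offset, layout in scan_file(path):
            print(f"{path}: deflate length table, {layout}, offset {offset:#x}")
```

Run across a package tree, this kind of check finds statically linked or bundled copies of zlib that a package-level dependency query would not show.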
Either this should be moved to a newer (supported) product or closed as fixed I
think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.
Issue affects Red Hat Linux 7.1