Bug 61411 - CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ppp
Version: 7.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2002-03-19 10:31 UTC by Henning Schmiedehausen
Modified: 2007-04-18 16:41 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-12-12 09:19:01 UTC
Embargoed:



Description Henning Schmiedehausen 2002-03-19 10:31:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib 

Version-Release number of selected component (if applicable):
2.3.11-4

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump

Actual Results:  /usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)


Expected Results:  ppp should not be linked to a (stone age) zlib which is
vulnerable to the overflow bug

Additional info:

Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                            Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Tue Mar  7 16:25:02 2000
Install date: Wed Nov  1 19:26:18 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                           License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
Description :
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support.  The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
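
Added example (not part of the original report, and not Florian Weimer's scanner): a minimal check for a statically embedded deflate decoder, of the kind the reproduction steps above rely on. It searches a binary for the deflate length-base table from RFC 1951, which zlib's inflate code stores as a static array; the storage widths (16-bit and 32-bit), the function names and the sample bytes are assumptions made for this example.

```python
import struct
import sys

# Base match lengths for deflate length codes 257..285 (RFC 1951, 3.2.5).
# The scanner output in this report calls zlib's copy of this table "cplens".
DEFLATE_LENGTH_BASES = (
    3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
    35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258,
)


def build_patterns():
    """Pack the table in each byte order and width we look for.

    Assumption: the table is stored as 32-bit or 16-bit unsigned integers.
    """
    patterns = {}
    for width, code in ((4, "I"), (2, "H")):
        for name, prefix in (("little endian", "<"), ("big endian", ">")):
            fmt = prefix + code * len(DEFLATE_LENGTH_BASES)
            patterns[(name, width)] = struct.pack(fmt, *DEFLATE_LENGTH_BASES)
    return patterns


def scan_bytes(data):
    """Return sorted (offset, byte_order, width_in_bytes) for every match."""
    hits = []
    for (name, width), pattern in build_patterns().items():
        start = data.find(pattern)
        while start != -1:
            hits.append((start, name, width))
            start = data.find(pattern, start + 1)
    return sorted(hits)


def scan_file(path):
    with open(path, "rb") as handle:
        return scan_bytes(handle.read())


# Constructed sample input: 16 bytes of filler, then a 32-bit little-endian table.
SAMPLE = (b"\x7fELF" + b"\x00" * 12
          + struct.pack("<29I", *DEFLATE_LENGTH_BASES) + b"\x00" * 8)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        for offset, name, width in scan_file(path):
            print(f"{path}: deflate length table at 0x{offset:x}, "
                  f"{width * 8}-bit {name}")
```

A match shows only that a deflate decoder is compiled into the file, so updating the shared zlib package does not fix that binary. It does not identify the zlib version; the scanner output in this report additionally lists a cplext match with a version range.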

Comment 1 Kjartan Maraas 2003-04-02 22:55:12 UTC
Either this should be moved to a newer (supported) product or closed as fixed I
think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.

Comment 2 Mark J. Cox 2003-04-23 12:57:32 UTC
Issue affects Red Hat Linux 7.1
