Bug 61411 - CVE-2002-0059 /usr/sbin/pppdump is linked to a vulnerable zlib
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: ppp
Version: 7.1
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Nalin Dahyabhai
Aaron Brown
Keywords: Security

Reported: 2002-03-19 05:31 EST by Henning Schmiedehausen
Modified: 2007-04-18 12:41 EDT
Doc Type: Bug Fix
Last Closed: 2003-12-12 04:19:01 EST

Description Henning Schmiedehausen 2002-03-19 05:31:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020206

Description of problem:
/usr/sbin/pppdump is statically linked to a vulnerable zlib 

Version-Release number of selected component (if applicable):
2.3.11-4

How reproducible:
Always

Steps to Reproduce:
1. get the zlib scanner from Florian Weimer
2. /tmp/scanner.pl /usr/sbin/pppdump
3.
	

Actual Results:  /usr/sbin/pppdump: zlib cplens table, little endian
/usr/sbin/pppdump: zlib cplext table (version 0.93 to 1.0.4)


Expected Results:  ppp should not be linked to a (stone age) zlib which is
vulnerable to the overflow bug

Additional info:

Name        : ppp                          Relocations: (not relocateable)
Version     : 2.3.11                            Vendor: Red Hat, Inc.
Release     : 4                             Build Date: Tue Mar  7 16:25:02 2000
Install date: Wed Nov  1 19:26:18 2000      Build Host: porky.devel.redhat.com
Group       : System Environment/Daemons    Source RPM: ppp-2.3.11-4.src.rpm
Size        : 340494                           License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The PPP (Point-to-Point Protocol) daemon.
Description :
The ppp package contains the PPP (Point-to-Point Protocol) daemon and
documentation for PPP support.  The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is
usually used to dial in to an ISP (Internet Service Provider) or other
organization over a modem and phone line.
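
Added example, not part of the original report and not Florian Weimer's scanner: a minimal Python check in the same spirit, which searches a binary for the DEFLATE length-base table (the `cplens` values, fixed by RFC 1951) that inflate code compiled into it would carry. It assumes the table is stored as a contiguous array of 16- or 32-bit integers; a hit shows that an inflate implementation is linked in, not which zlib version it is. The sample input is constructed.

```python
import struct
import sys

# Base match lengths for DEFLATE length codes 257..285 (RFC 1951, section 3.2.5).
# An inflate implementation needs these values, typically as a static table.
LENGTH_BASES = (3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
                35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258)


def _patterns():
    """Yield (label, bytes) for each assumed in-memory layout of the table."""
    for bits, code in ((16, "H"), (32, "I")):
        for endian, prefix in (("little endian", "<"), ("big endian", ">")):
            blob = struct.pack(f"{prefix}{len(LENGTH_BASES)}{code}", *LENGTH_BASES)
            yield f"{bits}-bit {endian}", blob


PATTERNS = tuple(_patterns())


def scan_bytes(data):
    """Return sorted (offset, layout) pairs for every table occurrence in data."""
    hits = []
    for label, blob in PATTERNS:
        pos = data.find(blob)
        while pos != -1:
            hits.append((pos, label))
            pos = data.find(blob, pos + 1)
    return sorted(hits)


def scan_file(path):
    """Read a file in binary mode and scan its full contents."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def make_sample(layout="<I"):
    """Constructed stand-in for a binary: 64 bytes of header/padding, then the table."""
    table = struct.pack(f"{layout[0]}{len(LENGTH_BASES)}{layout[1]}", *LENGTH_BASES)
    return b"\x7fELF" + b"\x00" * 60 + table + b"\x00" * 16


if __name__ == "__main__":
    # Usage: python3 scan.py FILE [FILE ...]
    for path in sys.argv[1:]:
        for offset, layout in scan_file(path):
            print(f"{path}: inflate length table at 0x{offset:x} ({layout})")
```

A dynamically linked binary that only imports libz will not match, so a hit on an executable points at a bundled or statically linked copy that has to be rebuilt separately from the system zlib update.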
Comment 1 Kjartan Maraas 2003-04-02 17:55:12 EST
Either this should be moved to a newer (supported) product or closed as fixed I
think? The ppp errata from RHL 7.2 does not have this problem if I'm not mistaken.
Comment 2 Mark J. Cox (Product Security) 2003-04-23 08:57:32 EDT
Issue affects Red Hat Linux 7.1
