Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability

Bugtraq ID:	39142
Class:	Unknown
CVE:	CVE-2010-0751
Remote:	Yes
Local:	No
Published:	Apr 01 2010 12:00AM
Updated:	Apr 13 2015 10:18PM
Credit:	Reported by the vendor.
Vulnerable:	Rafal Wojtczuk Libnids 1.18 Rafal Wojtczuk Libnids 1.17 Rafal Wojtczuk Libnids 1.16 Rafal Wojtczuk Libnids 1.14 Rafal Wojtczuk Libnids 1.13 Rafal Wojtczuk Libnids 1.12 Rafal Wojtczuk Libnids 1.11 Rafal Wojtczuk Libnids 1.23 Rafal Wojtczuk Libnids 1.22 Pardus Linux 2009 0
Not Vulnerable:	Rafal Wojtczuk Libnids 1.24

Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability

Libnids is prone to a remote denial-of-service vulnerability caused by a NULL-pointer dereference error.

An attacker may exploit this issue to crash applications using the vulnerable library, denying service to legitimate users.

Libnids versions prior to 1.24 are vulnerable.

Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability

References:

• Libnids Homepage (Libnids)
  
• Libnids IP Fragmentation Remote NULL Pointer Dereference (xorl)