Vulnerabilities > CVE-2000-0949

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
lbl
sun
nessus
exploit available

Summary

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

Vulnerable Configurations

Part Description Count
Application
Lbl
1
OS
Sun
1

Exploit-Db

  • description: traceroute Local Root Exploit. CVE-2000-0949. Local exploit for linux platform
    id: EDB-ID:178
    last seen: 2016-01-31
    modified: 2000-11-15
    published: 2000-11-15
    reporter: Michel Kaempf
    source: https://www.exploit-db.com/download/178/
    title: traceroute Local Root Exploit
  • description: LBL traceroute 1.4 a5 Heap Corruption Vulnerability (1). CVE-2000-0949. Local exploit for linux platform
    id: EDB-ID:20250
    last seen: 2016-02-02
    modified: 2000-09-28
    published: 2000-09-28
    reporter: Dvorak
    source: https://www.exploit-db.com/download/20250/
    title: LBL traceroute 1.4 a5 Heap Corruption Vulnerability 1
  • description: LBL traceroute 1.4 a5 Heap Corruption Vulnerability (3). CVE-2000-0949. Local exploit for linux platform
    id: EDB-ID:20252
    last seen: 2016-02-02
    modified: 2000-09-28
    published: 2000-09-28
    reporter: Michel Kaempf
    source: https://www.exploit-db.com/download/20252/
    title: LBL traceroute 1.4 a5 Heap Corruption Vulnerability 3
  • description: LBL traceroute 1.4 a5 Heap Corruption Vulnerability (2). CVE-2000-0949. Local exploit for linux platform
    id: EDB-ID:20251
    last seen: 2016-02-02
    modified: 2000-09-28
    published: 2000-09-28
    reporter: Perry Harrington
    source: https://www.exploit-db.com/download/20251/
    title: LBL traceroute 1.4 a5 Heap Corruption Vulnerability 2

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2000-053.NASL
description: There is a bug in the traceroute program which causes segfaults and which could potentially be exploited to provide root privilege because the traceroute command is suid root. There are no known exploits currently, but users are encouraged to upgrade.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61843
published: 2012-09-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/61843
title: Mandrake Linux Security Advisory : traceroute (MDKSA-2000:053)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2000:053. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Registration branch: when `description` is set the plugin only declares its
# metadata (identifiers, advisory text, CVSS vector, prerequisites) and then
# exits, so none of the host checks further down run in this mode.
if (description)
{
  # Plugin identity and revision stamp.
  script_id(61843);
  script_version("1.5");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # Cross-references: the CVE being checked and the vendor advisory that fixed it.
  script_cve_id("CVE-2000-0949");
  script_xref(name:"MDKSA", value:"2000:053");

  script_name(english:"Mandrake Linux Security Advisory : traceroute (MDKSA-2000:053)");
  # The check is package-based: it inspects rpm data, it does not run traceroute.
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  # Advisory wording carried over from MDKSA-2000:053 (see the file header).
  # NOTE(review): the "no known exploits" sentence reflects the advisory as it
  # was written in 2000; public exploit code for CVE-2000-0949 exists, so this
  # sentence should not be used to lower the priority of a finding.
  script_set_attribute(
    attribute:"description", 
    value:
"There is a bug in the traceroute program which causes segfaults and
which could potentially be exploited to provide root privilege because
the traceroute command is suid root. There are no known exploits
currently, but users are encouraged to upgrade."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected traceroute package."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # complete confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  # Declared as a local check; the CPE entries name the traceroute package and
  # Mandrake Linux 6.0, 6.1, 7.0 and 7.1.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:traceroute");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:6.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");

  # The fix dates from 2000; the plugin itself was published twelve years later.
  script_set_attribute(attribute:"patch_publication_date", value:"2000/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  # Information-gathering category, copyright notice and plugin family.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the four
  # knowledge-base keys below are required.
  # NOTE(review): presumably ssh_get_info.nasl is what populates the Host/* keys
  # from an authenticated session - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  # Registration is complete; leave before the check logic.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


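# Preconditions for the package check. Each guard calls audit() with a reason
# code when a required knowledge-base entry is absent; audit() comes from
# audit.inc (not shown here) and is expected to end the run.
# A host that stops at one of these guards has not been assessed - that is not
# the same outcome as "not affected".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Audit text spelling corrected ("Mandake" -> "Mandrake") so it matches the
# architecture audit message below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only i386-i686, amd64 and x86_64 hosts continue.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);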


# Package check: for every covered Mandrake release, rpm_check() is given the
# traceroute build referenced by the advisory, and each hit is counted in flag.
# NOTE(review): every call pins cpu:"i386" although the architecture gate
# earlier in the script also admits amd64 / x86_64 - confirm how rpm_check()
# (rpm.inc, not shown) treats a 64-bit host before trusting a clean result there.
flag = 0;
reference_build = "traceroute-1.4a5-12mdk";
foreach mdk_release (make_list("MDK6.0", "MDK6.1", "MDK7.0", "MDK7.1"))
{
  if (rpm_check(release:mdk_release, cpu:"i386", reference:reference_build, yank:"mdk")) flag++;
}

# Outcome: no hit is audited as "not affected"; any hit is reported through
# security_hole(), with the rpm report attached only when verbosity is raised.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}

Redhat

advisories
rhsa
id: RHSA-2000:078