Vulnerabilities > CVE-2000-0949
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Exploit-Db
description traceroute Local Root Exploit. CVE-2000-0949. Local exploit for linux platform id EDB-ID:178 last seen 2016-01-31 modified 2000-11-15 published 2000-11-15 reporter Michel Kaempf source https://www.exploit-db.com/download/178/ title traceroute Local Root Exploit description LBL traceroute 1.4 a5 Heap Corruption Vulnerability (1). CVE-2000-0949. Local exploit for linux platform id EDB-ID:20250 last seen 2016-02-02 modified 2000-09-28 published 2000-09-28 reporter Dvorak source https://www.exploit-db.com/download/20250/ title LBL traceroute 1.4 a5 Heap Corruption Vulnerability 1 description LBL traceroute 1.4 a5 Heap Corruption Vulnerability (3). CVE-2000-0949. Local exploit for linux platform id EDB-ID:20252 last seen 2016-02-02 modified 2000-09-28 published 2000-09-28 reporter Michel Kaempf source https://www.exploit-db.com/download/20252/ title LBL traceroute 1.4 a5 Heap Corruption Vulnerability 3 description LBL traceroute 1.4 a5 Heap Corruption Vulnerability (2). CVE-2000-0949. Local exploit for linux platform id EDB-ID:20251 last seen 2016-02-02 modified 2000-09-28 published 2000-09-28 reporter Perry Harrington source https://www.exploit-db.com/download/20251/ title LBL traceroute 1.4 a5 Heap Corruption Vulnerability 2
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2000-053.NASL |
description | There is a bug in the traceroute program which causes segfaults and which could potentially be exploited to provide root privilege because the traceroute command is suid root. There are no known exploits currently, but users are encouraged to upgrade. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61843 |
published | 2012-09-06 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61843 |
title | Mandrake Linux Security Advisory : traceroute (MDKSA-2000:053) |
code |
|
Redhat
advisories |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
- http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
- http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
- http://www.debian.org/security/2000/20001013
- http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
- http://www.redhat.com/support/errata/RHSA-2000-078.html
- http://www.securityfocus.com/bid/1739
- http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5311