Vulnerabilities > CVE-2002-0497 - Unspecified vulnerability in MTR 0.41
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN mtr
nessus
Summary
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-124.NASL |
| description | The authors of mtr released a new upstream version, noting a non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek, however, found an easy way to exploit this bug, which allows an attacker to gain access to the raw socket, which makes IP spoofing and other malicious network activity possible. The problem has been fixed by the Debian maintainer in version 0.41-6 for the stable distribution of Debian by backporting the upstream fix and in version 0.48-1 for the testing/unstable distribution. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 14961 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/14961 |
| title | Debian DSA-124-1 : mtr - buffer overflow |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
- http://www.debian.org/security/2002/dsa-124
- http://www.debian.org/security/2002/dsa-124
- http://www.iss.net/security_center/static/8367.php
- http://www.iss.net/security_center/static/8367.php
- http://www.securityfocus.com/bid/4217
- http://www.securityfocus.com/bid/4217