Vulnerabilities > CVE-2003-0453 - Unspecified vulnerability in Ehud Gavron Traceroute-Nanog 6.1.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ehud-gavron
nessus

Summary

traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Ehud_Gavron
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-348.NASL
descriptiontraceroute-nanog, an enhanced version of the common traceroute program, contains an integer overflow bug which could be exploited to execute arbitrary code. traceroute-nanog is setuid root, but drops root privileges immediately after obtaining raw ICMP and raw IP sockets. Thus, exploitation of this bug provides only access to these sockets, and not root privileges.
last seen2020-06-01
modified2020-06-02
plugin id15185
published2004-09-29
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15185
titleDebian DSA-348-1 : traceroute-nanog - integer overflow, buffer overflow
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-348. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15185);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0453");
  script_bugtraq_id(7994);
  script_xref(name:"DSA", value:"348");

  script_name(english:"Debian DSA-348-1 : traceroute-nanog - integer overflow, buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"traceroute-nanog, an enhanced version of the common traceroute
program, contains an integer overflow bug which could be exploited to
execute arbitrary code. traceroute-nanog is setuid root, but drops
root privileges immediately after obtaining raw ICMP and raw IP
sockets. Thus, exploitation of this bug provides only access to these
sockets, and not root privileges."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/200875"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-348"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody) this problem has been fixed in
version 6.1.1-1.3.

We recommend that you update your traceroute-nanog package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:traceroute-nanog");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"traceroute-nanog", reference:"6.1.1-1.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");