This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Matt Kimball And Roger Wolff | First view | 2000-03-03 |
| Product | Mtr | Last view | 2008-05-21 |
| Version | 0.41 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:matt_kimball_and_roger_wolff:mtr | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2008-05-21 | CVE-2008-2357 | Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. |
| 7.2 | 2000-03-03 | CVE-2000-0172 | The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 45350 | Mtr split.c split_redraw() Function Resolved Hostname Handling Remote Overflow |
| 5268 | mtr seteuid Call Local Privilege Escalation |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-13 | Name : SLES10: Security update for mtr File : nvt/sles10_mtr.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-01 (mtr) File : nvt/glsa_200806_01.nasl |
| 2008-05-27 | Name : Debian Security Advisory DSA 1587-1 (mtr) File : nvt/deb_1587_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-210-06 mtr File : nvt/esoft_slk_ssa_2008_210_06.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2008-07-29 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2008-210-06.nasl - Type: ACT_GATHER_INFO |
| 2008-07-02 | Name: The remote openSUSE host is missing a security update. File: suse_mtr-5289.nasl - Type: ACT_GATHER_INFO |
| 2008-07-02 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_mtr-5291.nasl - Type: ACT_GATHER_INFO |
| 2008-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200806-01.nasl - Type: ACT_GATHER_INFO |
| 2008-05-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1587.nasl - Type: ACT_GATHER_INFO |
