Executive Summary
| Summary | |
|---|---|
| Title | New traceroute-nanog packages fix integer overflow |
| Informations | |||
|---|---|---|---|
| Name | DSA-348 | First vendor Publication | 2003-07-11 |
| Vendor | Debian | Last vendor Modification | 2003-07-11 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| traceroute-nanog, an enhanced version of the common traceroute program, contains an integer overflow bug which could be exploited to execute arbitrary code. traceroute-nanog is setuid root, but drops root privileges immediately after obtaining raw ICMP and raw IP sockets. Thus, exploitation of this bug provides only access to these sockets, and not root privileges. For the stable distribution (woody) this problem has been fixed in version 6.1.1-1.3. For the unstable distribution (sid) this problem will be fixed soon. See Debian bug #200875. We recommend that you update your traceroute-nanog package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-348 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 348-1 (teapop) File : nvt/deb_348_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4635 | NANOG traceroute nprobes Arbitrary Memory Overwrite |
| 4634 | NANOG traceroute max_ttl Arbitrary Memory Overwrite |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-348.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:46 |
|
