6.8 - GLSA-200806-01

Executive Summary

Summary
Title	mtr: Stack-based buffer overflow

Informations
Name	GLSA-200806-01	First vendor Publication	2008-06-03
Vendor	Gentoo	Last vendor Modification	2008-06-03
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A stack-based buffer overflow was found in mtr, possibly resulting in the execution of arbitrary code.

Background

mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.

Description

Adam Zabrocki reported a boundary error within the split_redraw()
function in the file split.c, possibly leading to a stack-based buffer overflow.

Impact

A remote attacker could use a specially crafted resolved hostname to execute arbitrary code with root privileges. However, it is required that the attacker controls the DNS server used by the victim, and that the "-p" (or "--split") command line option is used.

Workaround

There is no known workaround at this time.

Resolution

All mtr users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/mtr-0.73-r1"

References

[ 1 ] CVE-2008-2357 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200806-01.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200806-01.xml

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20385

Oval ID:	oval:org.mitre.oval:def:20385
Title:	DSA-1587-1 mtr - execution of arbitrary code
Description:	Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
Family:	unix	Class:	patch
Reference(s):	DSA-1587-1 CVE-2008-2357	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	mtr
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND mtr DPKG is earlier than 0:0.71-2etch1

Definition Id: oval:org.mitre.oval:def:7244

Oval ID:	oval:org.mitre.oval:def:7244
Title:	DSA-1587 mtr -- buffer overflow
Description:	Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
Family:	unix	Class:	patch
Reference(s):	DSA-1587 CVE-2008-2357	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	mtr
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section mtr is earlier than 0.71-2etch1 AND mtr-tiny is earlier than 0.71-2etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Matt Kimball And Roger Wolff Mtr cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:::::::* cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:::::::*	51

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for mtr File : nvt/sles10_mtr.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200806-01 (mtr) File : nvt/glsa_200806_01.nasl
2008-05-27	Name : Debian Security Advisory DSA 1587-1 (mtr) File : nvt/deb_1587_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-210-06 mtr File : nvt/esoft_slk_ssa_2008_210_06.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
45350	Mtr split.c split_redraw() Function Resolved Hostname Handling Remote Overflow

Nessus® Vulnerability Scanner

Date	Description
2008-07-29	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-06.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote openSUSE host is missing a security update. File : suse_mtr-5289.nasl - Type : ACT_GATHER_INFO
2008-07-02	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mtr-5291.nasl - Type : ACT_GATHER_INFO
2008-06-04	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-01.nasl - Type : ACT_GATHER_INFO
2008-05-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1587.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:35:54	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	51
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	5

	Related
6.8	CVE-2008-2357
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.8 - GLSA-200806-01

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU