Executive Summary
Summary | |
---|---|
Title | pWhois Layer Four Traceroute 3.x vulnerability |
Informations | |||
---|---|---|---|
Name | VU#946652 | First vendor Publication | 2011-04-04 |
Vendor | VU-CERT | Last vendor Modification | 2011-04-04 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#946652pWhois Layer Four Traceroute 3.x vulnerabilityOverviewGiven a specific set of command line arguments, Layer Four Traceroute (lft) will produce a segmentation fault leading to a possible privilege escalation vulnerability.I. DescriptionpWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier versions of Layer Four Traceroute may also be vulnerable. Some distributions that package Layer Four Traceroute are not vulnerable because they do not install the 'lft' binary SETUID root.II. ImpactIf Layer Four Traceroute is installed SETUID root, a local attacker may be able to exploit the vulnerability for privilege escalation.III. SolutionApply an UpdateUpgrade to Layer Four Traceroute 3.3 or later.
ReferencesThanks to Markus Gothe for reporting this vulnerability. This document was written by Jared Allar.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/946652 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-04-13 | Name : pWhois Layer Four Traceroute (LFT) Unspecified Vulnerability File : nvt/gb_pwhois_lft_unspecified_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72537 | Layer Four Traceroute (LFT) Crafted Command Line Unspecified Privilege Escala... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-10.nasl - Type : ACT_GATHER_INFO |