Vulnerabilites related to matt_kimball_and_roger_wolff - mtr
Vulnerability from fkie_nvd
Published
2000-03-03 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
References
cve@mitre.orghttp://www.securityfocus.com/bid/1038
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/1038
Impacted products
Vendor Product Version
matt_kimball_and_roger_wolff mtr 0.28
matt_kimball_and_roger_wolff mtr 0.41
turbolinux turbolinux 3.5b2
turbolinux turbolinux 4.2
turbolinux turbolinux 4.4
turbolinux turbolinux 6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "374B0A57-7231-403F-B339-1F0E8051E62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED7EB1A-43A1-40C8-BA1C-AE826986E89A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:3.5b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "667CF388-298D-4B64-9BA5-89D153FFA998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D15A193-3E01-467C-AEAD-497F4600DB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C765FF-0A3D-4BF4-B236-609658776ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6619B49-8A89-4600-A47F-A39C8BF54259",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges."
    }
  ],
  "id": "CVE-2000-0172",
  "lastModified": "2024-11-20T23:31:52.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1038"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-05-21 13:24
Modified
2024-11-21 00:46
Severity ?
Summary
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
References
cve@mitre.orgftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2008/May/0488.htmlExploit
cve@mitre.orghttp://secunia.com/advisories/30312Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30340
cve@mitre.orghttp://secunia.com/advisories/30359
cve@mitre.orghttp://secunia.com/advisories/30522
cve@mitre.orghttp://secunia.com/advisories/30967
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200806-01.xml
cve@mitre.orghttp://securityreason.com/securityalert/3903
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
cve@mitre.orghttp://www.debian.org/security/2008/dsa-1587
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:176
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2008/05/21/1
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2008/05/21/3
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2008/05/21/4
cve@mitre.orghttp://www.securityfocus.com/archive/1/492260/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/29290
cve@mitre.orghttp://www.securitytracker.com/id?1020046
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/42535
cve@mitre.orghttps://issues.rpath.com/browse/RPL-2558
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2008/May/0488.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30312Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30340
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30359
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30522
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30967
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200806-01.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3903
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1587
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/05/21/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/05/21/3
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/05/21/4
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/492260/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29290
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020046
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2558
Impacted products
Vendor Product Version
matt_kimball_and_roger_wolff mtr *
matt_kimball_and_roger_wolff mtr 0.21
matt_kimball_and_roger_wolff mtr 0.22
matt_kimball_and_roger_wolff mtr 0.23
matt_kimball_and_roger_wolff mtr 0.24
matt_kimball_and_roger_wolff mtr 0.25
matt_kimball_and_roger_wolff mtr 0.26
matt_kimball_and_roger_wolff mtr 0.27
matt_kimball_and_roger_wolff mtr 0.28
matt_kimball_and_roger_wolff mtr 0.29
matt_kimball_and_roger_wolff mtr 0.30
matt_kimball_and_roger_wolff mtr 0.31
matt_kimball_and_roger_wolff mtr 0.32
matt_kimball_and_roger_wolff mtr 0.33
matt_kimball_and_roger_wolff mtr 0.34
matt_kimball_and_roger_wolff mtr 0.35
matt_kimball_and_roger_wolff mtr 0.36
matt_kimball_and_roger_wolff mtr 0.37
matt_kimball_and_roger_wolff mtr 0.38
matt_kimball_and_roger_wolff mtr 0.39
matt_kimball_and_roger_wolff mtr 0.40
matt_kimball_and_roger_wolff mtr 0.41
matt_kimball_and_roger_wolff mtr 0.42
matt_kimball_and_roger_wolff mtr 0.43
matt_kimball_and_roger_wolff mtr 0.44
matt_kimball_and_roger_wolff mtr 0.45
matt_kimball_and_roger_wolff mtr 0.46
matt_kimball_and_roger_wolff mtr 0.47
matt_kimball_and_roger_wolff mtr 0.48
matt_kimball_and_roger_wolff mtr 0.49
matt_kimball_and_roger_wolff mtr 0.50
matt_kimball_and_roger_wolff mtr 0.51
matt_kimball_and_roger_wolff mtr 0.52
matt_kimball_and_roger_wolff mtr 0.53
matt_kimball_and_roger_wolff mtr 0.54
matt_kimball_and_roger_wolff mtr 0.55
matt_kimball_and_roger_wolff mtr 0.56
matt_kimball_and_roger_wolff mtr 0.57
matt_kimball_and_roger_wolff mtr 0.58
matt_kimball_and_roger_wolff mtr 0.59
matt_kimball_and_roger_wolff mtr 0.60
matt_kimball_and_roger_wolff mtr 0.61
matt_kimball_and_roger_wolff mtr 0.62
matt_kimball_and_roger_wolff mtr 0.63
matt_kimball_and_roger_wolff mtr 0.64
matt_kimball_and_roger_wolff mtr 0.65
matt_kimball_and_roger_wolff mtr 0.66
matt_kimball_and_roger_wolff mtr 0.67
matt_kimball_and_roger_wolff mtr 0.68
matt_kimball_and_roger_wolff mtr 0.69
matt_kimball_and_roger_wolff mtr 0.70
matt_kimball_and_roger_wolff mtr 0.71


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F4DF3D-5E0D-4D68-B462-30308E5E13A1",
              "versionEndIncluding": "0.72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7853B18-8111-4D6E-9A80-AB7AAB1D66AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E9ED651-D6AC-4948-9F02-D5E20F00F0B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D1F6687-B716-4858-BE73-026BE69A0BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1FA88B7-0254-463D-8F53-06E3D0F94019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B06FCDB-68D7-4A90-9B9D-E68C1988AE65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "71958EE1-4E50-4D48-A44A-9BBDBC51BCFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EA1E63-4547-4341-8823-2150F1BDA9C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "374B0A57-7231-403F-B339-1F0E8051E62E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F67AEF-6500-4C93-94AA-996AAB9D7A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8024A2B3-3F77-4090-91F7-F3D1F36C07B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0171C37E-345A-4934-92FB-7527AAF0F737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "2645AD6F-4219-42A1-AF41-D3DF3E00EC3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECBB8635-988E-4C10-B48D-F01DD480D2EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C505F066-86C8-433D-BCEE-FBCC420F6B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E9959F-11DD-4AA2-960A-505486E313A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "102D8451-F90A-4DCF-BD67-D80EECBF6204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "04EE1273-A619-4101-8998-5B93B89D0E04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF1F3A1-6078-413A-BCE1-6586AE39D0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE66E77-0054-44C5-93F8-F156C02F32C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "15895BE3-0E68-4BDD-9F91-E5CD0F889AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED7EB1A-43A1-40C8-BA1C-AE826986E89A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8D031C-EF4D-4909-AFB2-B388B463234D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3CCD558-3EB8-4541-8854-CFFE1BCE4A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "246C99CD-B83C-4918-8283-840CE0930ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F65329B-2CA9-483E-BD78-EF0EFEF6FBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "167DDB18-E0FF-4FE0-9070-CBEEF4D00AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "6585D8B7-3BD9-4577-878D-5140C6EAD16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F2B7CF7-11D0-42EC-908E-3AD686F918BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE6AFE6B-BAE2-43A0-A969-08A0D19CA3C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9E93793-1883-4562-90AC-F054FC71F7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1624E70-8A0F-423A-8205-7C27260C9278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E7AEC9D-210E-45D5-92E9-76502A4088F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "378C925D-E6B2-4569-825F-1F02A1C53E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFBDD8C1-A741-479F-A521-B5E990C83C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36351D6-635F-470C-B32A-AC0D81E4F6A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C682D2-8708-449C-A195-72D609B55462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA9A3EE-3CC8-4154-AC61-DC92B2213C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "44DFA818-A31A-4D1F-8583-3BF9A8DBDE5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99B8176-7A2D-4DF6-B9EF-9F6A681BCE66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE1F33CC-1F45-439A-B082-639A1E4F8EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E62548-9BC1-48B4-A6DC-CAF5E5802298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D7D899-02F5-4D56-875D-56252BA6228B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5322BE5-43B4-48DA-826A-C82F78F4DE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "34BAFF2F-A106-47A6-8C9D-A5E0AB0F9320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA9702E-52A5-4AC3-B30B-CACEED6456F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFADC518-86EB-45EB-A65A-5065CF2984BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3AA825-EC60-4B24-92B8-E5CB47460E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FE1CCC-214B-421D-8A10-039BDDFB36CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "D480960D-56DF-4CD9-B088-54F5AD2EC3BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5570E29-C4CE-4161-A91B-98D3CE63BA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBB23A6-F7D8-482E-9411-BF152F68CBFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record.  NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de B\u00fafer basado en pila de la funci\u00f3n spot_redraw en split.c de mtr versiones anteriores a la 0.73, cuando se realiza una llamada a la funci\u00f3n con la opci\u00f3n \u2013p  (tambi\u00e9n conocida como --split), permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de registros DNS PTR manipulados. NOTA: es discutible que esta es una vulnerabilidad de la funci\u00f3n _name_ntop en resolv/ns_name.c de glibc cuyo parche correspondiente estar\u00eda en glibc; si as\u00ed fuera, entonces esto no deber\u00eda tratarse como una vulnerabilidad de mtr."
    }
  ],
  "id": "CVE-2008-2357",
  "lastModified": "2024-11-21T00:46:41.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-21T13:24:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30312"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30340"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30359"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3903"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1587"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29290"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020046"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-2558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2558"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.\n\nFor Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in \u0026quot;split mode\u0026quot; by providing -p or --split\ncommand line options.  The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2008-06-25T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2000-0172
Vulnerability from cvelistv5
Published
2000-04-10 04:00
Modified
2024-08-08 05:05
Severity ?
Summary
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
References
http://www.securityfocus.com/bid/1038vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:05:53.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1038"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1038"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0172",
    "datePublished": "2000-04-10T04:00:00",
    "dateReserved": "2000-03-22T00:00:00",
    "dateUpdated": "2024-08-08T05:05:53.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-2357
Vulnerability from cvelistv5
Published
2008-05-21 10:00
Modified
2024-08-07 08:58
Severity ?
Summary
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
References
http://secunia.com/advisories/30340third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30522third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/492260/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/30312third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/29290vdb-entry, x_refsource_BID
http://security.gentoo.org/glsa/glsa-200806-01.xmlvendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2008/05/21/3mailing-list, x_refsource_MLIST
http://secunia.com/advisories/30967third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30359third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535vdb-entry, x_refsource_XF
http://www.openwall.com/lists/oss-security/2008/05/21/4mailing-list, x_refsource_MLIST
http://securityreason.com/securityalert/3903third-party-advisory, x_refsource_SREASON
http://www.debian.org/security/2008/dsa-1587vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlvendor-advisory, x_refsource_SUSE
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2008/May/0488.htmlmailing-list, x_refsource_FULLDISC
http://www.openwall.com/lists/oss-security/2008/05/21/1mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1020046vdb-entry, x_refsource_SECTRACK
https://issues.rpath.com/browse/RPL-2558x_refsource_CONFIRM
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diffx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:58:01.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30340",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30340"
          },
          {
            "name": "30522",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30522"
          },
          {
            "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
          },
          {
            "name": "30312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30312"
          },
          {
            "name": "MDVSA-2008:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
          },
          {
            "name": "29290",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29290"
          },
          {
            "name": "GLSA-200806-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
          },
          {
            "name": "[oss-security] 20080521 Re: CVE request: mtr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
          },
          {
            "name": "30967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30967"
          },
          {
            "name": "30359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30359"
          },
          {
            "name": "mtr-splitredraw-bo(42535)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
          },
          {
            "name": "[oss-security] 20080521 Re: CVE request: mtr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
          },
          {
            "name": "3903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3903"
          },
          {
            "name": "DSA-1587",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1587"
          },
          {
            "name": "SUSE-SR:2008:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
          },
          {
            "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
          },
          {
            "name": "[oss-security] 20080521 Re: CVE request: mtr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
          },
          {
            "name": "1020046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020046"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record.  NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30340",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30340"
        },
        {
          "name": "30522",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30522"
        },
        {
          "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
        },
        {
          "name": "30312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30312"
        },
        {
          "name": "MDVSA-2008:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
        },
        {
          "name": "29290",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29290"
        },
        {
          "name": "GLSA-200806-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
        },
        {
          "name": "[oss-security] 20080521 Re: CVE request: mtr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
        },
        {
          "name": "30967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30967"
        },
        {
          "name": "30359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30359"
        },
        {
          "name": "mtr-splitredraw-bo(42535)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
        },
        {
          "name": "[oss-security] 20080521 Re: CVE request: mtr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
        },
        {
          "name": "3903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3903"
        },
        {
          "name": "DSA-1587",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1587"
        },
        {
          "name": "SUSE-SR:2008:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
        },
        {
          "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
        },
        {
          "name": "[oss-security] 20080521 Re: CVE request: mtr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
        },
        {
          "name": "1020046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020046"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record.  NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30340",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30340"
            },
            {
              "name": "30522",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30522"
            },
            {
              "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
            },
            {
              "name": "30312",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30312"
            },
            {
              "name": "MDVSA-2008:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
            },
            {
              "name": "29290",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29290"
            },
            {
              "name": "GLSA-200806-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
            },
            {
              "name": "[oss-security] 20080521 Re: CVE request: mtr",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
            },
            {
              "name": "30967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30967"
            },
            {
              "name": "30359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30359"
            },
            {
              "name": "mtr-splitredraw-bo(42535)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
            },
            {
              "name": "[oss-security] 20080521 Re: CVE request: mtr",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
            },
            {
              "name": "3903",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3903"
            },
            {
              "name": "DSA-1587",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1587"
            },
            {
              "name": "SUSE-SR:2008:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
            },
            {
              "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
            },
            {
              "name": "[oss-security] 20080521 Re: CVE request: mtr",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
            },
            {
              "name": "1020046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020046"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2558",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2558"
            },
            {
              "name": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2357",
    "datePublished": "2008-05-21T10:00:00",
    "dateReserved": "2008-05-21T00:00:00",
    "dateUpdated": "2024-08-07T08:58:01.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}