2 results (0.010 seconds)

CVSS: 6.8EPSS: 12%CPEs: 52EXPL: 1

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. Desbordamiento de Búfer basado en pila de la función spot_redraw en split.c de mtr versiones anteriores a la 0.73, cuando se realiza una llamada a la función con la opción –p (también conocida como --split), permite a atacantes remotos ejecutar código arbitrariamente a través de registros DNS PTR manipulados. NOTA: es discutible que esta es una vulnerabilidad de la función _name_ntop en resolv/ns_name.c de glibc cuyo parche correspondiente estaría en glibc; si así fuera, entonces esto no debería tratarse como una vulnerabilidad de mtr. • ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://seclists.org/fulldisclosure/2008/May/0488.html http://secunia.com/advisories/30312 http://secunia.com/advisories/30340 http://secunia.com/advisories/30359 http://secunia.com/advisories/30522 http://secunia.com/advisories/30967 http://security.gentoo.org/glsa/glsa-200806-01.xml http://securityreason.com/securityalert/3903 http://wiki.rpath.com/wiki/Advi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. • https://www.exploit-db.com/exploits/19796 http://www.securityfocus.com/bid/1038 •