CVE-2023-46316 – traceroute: improper command line parsing

https://notcve.org/view.php?id=CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. En buc Traceroute 2.0.12 a 2.1.2 anterior a 2.1.3, los scripts contenedores no analizan correctamente las líneas de comando. A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. • http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3 https://access.redhat.com/security/cve/CVE-2023-46316 https://bugzilla.redhat.com/show_bug.cgi?id=2246303 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-234: Failure to Handle Missing Parameter •