CVE-2008-2357
https://notcve.org/view.php?id=CVE-2008-2357
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. • ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://seclists.org/fulldisclosure/2008/May/0488.html http://secunia.com/advisories/30312 http://secunia.com/advisories/30340 http://secunia.com/advisories/30359 http://secunia.com/advisories/30522 http://secunia.com/advisories/30967 http://security.gentoo.org/glsa/glsa-200806-01.xml http://securityreason.com/securityalert/3903 http://wiki.rpath.com/wiki/Advi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2004-1224
https://notcve.org/view.php?id=CVE-2004-1224
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. • http://marc.info/?l=bugtraq&m=110279034910663&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/18428 •
CVE-2002-0497
https://notcve.org/view.php?id=CVE-2002-0497
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html http://www.debian.org/security/2002/dsa-124 http://www.iss.net/security_center/static/8367.php http://www.securityfocus.com/bid/4217 •
CVE-2000-0172 – Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr
https://notcve.org/view.php?id=CVE-2000-0172
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. • https://www.exploit-db.com/exploits/19796 http://www.securityfocus.com/bid/1038 •