Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2357

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2357
Last Modified 13 Mar 2009 01:36:28
Published 21 May 2008 09:24:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2357

Summary

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Vulnerable Systems

Application

  • Matt Kimball And Roger Wolff Mtr 0.21

  • Matt Kimball And Roger Wolff Mtr 0.22

  • Matt Kimball And Roger Wolff Mtr 0.23

  • Matt Kimball And Roger Wolff Mtr 0.24

  • Matt Kimball And Roger Wolff Mtr 0.25

  • Matt Kimball And Roger Wolff Mtr 0.26

  • Matt Kimball And Roger Wolff Mtr 0.27

  • Matt Kimball And Roger Wolff Mtr 0.28

  • Matt Kimball And Roger Wolff Mtr 0.29

  • Matt Kimball And Roger Wolff Mtr 0.30

  • Matt Kimball And Roger Wolff Mtr 0.31

  • Matt Kimball And Roger Wolff Mtr 0.32

  • Matt Kimball And Roger Wolff Mtr 0.33

  • Matt Kimball And Roger Wolff Mtr 0.34

  • Matt Kimball And Roger Wolff Mtr 0.35

  • Matt Kimball And Roger Wolff Mtr 0.36

  • Matt Kimball And Roger Wolff Mtr 0.37

  • Matt Kimball And Roger Wolff Mtr 0.38

  • Matt Kimball And Roger Wolff Mtr 0.39

  • Matt Kimball And Roger Wolff Mtr 0.40

  • Matt Kimball And Roger Wolff Mtr 0.41

  • Matt Kimball And Roger Wolff Mtr 0.42

  • Matt Kimball And Roger Wolff Mtr 0.43

  • Matt Kimball And Roger Wolff Mtr 0.44

  • Matt Kimball And Roger Wolff Mtr 0.45

  • Matt Kimball And Roger Wolff Mtr 0.46

  • Matt Kimball And Roger Wolff Mtr 0.47

  • Matt Kimball And Roger Wolff Mtr 0.48

  • Matt Kimball And Roger Wolff Mtr 0.49

  • Matt Kimball And Roger Wolff Mtr 0.50

  • Matt Kimball And Roger Wolff Mtr 0.51

  • Matt Kimball And Roger Wolff Mtr 0.52

  • Matt Kimball And Roger Wolff Mtr 0.53

  • Matt Kimball And Roger Wolff Mtr 0.54

  • Matt Kimball And Roger Wolff Mtr 0.55

  • Matt Kimball And Roger Wolff Mtr 0.56

  • Matt Kimball And Roger Wolff Mtr 0.57

  • Matt Kimball And Roger Wolff Mtr 0.58

  • Matt Kimball And Roger Wolff Mtr 0.59

  • Matt Kimball And Roger Wolff Mtr 0.60

  • Matt Kimball And Roger Wolff Mtr 0.61

  • Matt Kimball And Roger Wolff Mtr 0.62

  • Matt Kimball And Roger Wolff Mtr 0.63

  • Matt Kimball And Roger Wolff Mtr 0.64

  • Matt Kimball And Roger Wolff Mtr 0.65

  • Matt Kimball And Roger Wolff Mtr 0.66

  • Matt Kimball And Roger Wolff Mtr 0.67

  • Matt Kimball And Roger Wolff Mtr 0.68

  • Matt Kimball And Roger Wolff Mtr 0.69

  • Matt Kimball And Roger Wolff Mtr 0.70

  • Matt Kimball And Roger Wolff Mtr 0.71

  • Matt Kimball And Roger Wolff Mtr 0.72


References

CONFIRM - https://issues.rpath.com/browse/RPL-2558

BUGTRAQ - 20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.

MLIST - [oss-security] 20080521 Re: CVE request: mtr

MANDRIVA - MDVSA-2008:176

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175

SREASON - 3903

SECUNIA - 30967

SECUNIA - 30359

SECUNIA - 30312

SUSE - SUSE-SR:2008:014

CONFIRM - ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff

XF - mtr-splitredraw-bo(42535)

SECTRACK - 1020046

BID - 29290

DEBIAN - DSA-1587

GENTOO - GLSA-200806-01

SECUNIA - 30522

SECUNIA - 30340


Last Updated: 27 May 2016 10:47:50