Debian DSA-124-1 : mtr - buffer overflow

low Nessus Plugin ID 14961

Synopsis

The remote Debian host is missing a security-related update.

Description

The authors of mtr released a new upstream version, noting a non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek, however, found an easy way to exploit this bug. Exploitation gives an attacker access to the raw socket, which makes IP spoofing and other malicious network activity possible.

The Debian maintainer has fixed the problem in version 0.41-6 for the stable distribution of Debian, by backporting the upstream fix, and in version 0.48-1 for the testing/unstable distribution.

Solution

Upgrade the mtr package immediately.

See Also

https://bugs.debian.org/137102

http://www.debian.org/security/2002/dsa-124

Plugin Details

Severity: Low

ID: 14961

File Name: debian_DSA-124.nasl

Version: 1.21

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mtr, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 3/26/2002

Vulnerability Publication Date: 3/7/2002

Reference Information

CVE: CVE-2002-0497

BID: 4217

DSA: 124