mtr: stack-based buffer overflow
| Package(s): | mtr |
CVE #(s): | CVE-2008-2357
|
| Created: | May 23, 2008 |
Updated: | August 21, 2008 |
| Description: |
From the CVE entry: Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. |
| Alerts: |
| Mandriva |
MDVSA-2008:176 |
mtr |
2008-08-20 |
| Slackware |
SSA:2008-210-06 |
mtr |
2008-07-29 |
| SuSE |
SUSE-SR:2008:014 |
sudo, courier-authlib, gnome-screensaver, clamav, php5, ImageMagick, GraphicsMagick, mtr, bind, pcre, tomcat, squid, freetype2 |
2008-07-04 |
| Gentoo |
200806-01 |
mtr |
2008-06-03 |
| Debian |
DSA-1587-1 |
mtr |
2008-05-26 |
| rPath |
rPSA-2008-0175-1 |
mtr |
2008-05-22 |
|
