|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA13430] mtr "mtr_curses_keyaction()" Function Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Dec 14 2004 - 07:20:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
mtr "mtr_curses_keyaction()" Function Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA13430
VERIFY ADVISORY:
http://secunia.com/advisories/13430/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
mtr 0.x
http://secunia.com/product/4376/
DESCRIPTION:
Przemysaw Frasunek has reported a vulnerability in mtr, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
The vulnerability is caused due to an off-by-one error in the
keybinding routine in "mtr_curses_keyaction()". This may be exploited
by supplying specially crafted, overly long input.
Successful exploitation may allow execution of arbitrary code with
the privileges limited to hijacking raw sockets.
NOTE: Exploitation requires that mtr is setuid "root" and not
compiled with gcc 3.x.
The vulnerability has been reported in versions 0.55 through 0.65.
SOLUTION:
Update to version 0.67.
ftp://ftp.bitwizard.nl/mtr/
PROVIDED AND/OR DISCOVERED BY:
Przemysaw Frasunek
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]