Ubuntu: DSA 255-2 High: Network Analyzer Memory Leak Issue
debian
February 27, 2003
Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack.
Topics Covered
Summary
A vulnerability has been discovered in NANOG traceroute, an enhanced
version of the Van Jacobson/BSD traceroute program. A buffer overflow
occurs in the 'get_origin()' function. Due to insufficient bounds
checking performed by the whois parser, it may be possible to corrupt
memory on the system stack. This vulnerability can be exploited by a
remote attacker to gain root privileges on a target host. Though,
most probably not in Debian.
The Common Vulnerabilities and Exposures (CVE) project additionally
identified the following vulnerabilities which were already fixed in
the Debian version in stable (woody) and oldstable (potato) and are
mentioned here for completeness (and since other distributions had to
release a separate advisory for them):
* CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
the get_origin function which allows attackers to execute arbitrary
code via long WHOIS responses.
* CAN-2002-1051 (BugTraq ID 4956) talks about a format string
vulnerability tha...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: traceroute-nanog
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!