Debian: NANOG traceroute buffer overflow vulnerability

    Date27 Feb 2003
    CategoryDebian
    2054
    Posted ByLinuxSecurity Advisories
    Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 254-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Martin Schulze
    February 27th, 2003                      http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : traceroute-nanog
    Vulnerability  : buffer overflow
    Problem-Type   : local, remote
    Debian-specific: no
    CVE Id         : CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387
    BugTraq Id     : 4956 6166 6274 6275
    
    A vulnerability has been discovered in NANOG traceroute, an enhanced
    version of the Van Jacobson/BSD traceroute program.  A buffer overflow
    occurs in the 'get_origin()' function.  Due to insufficient bounds
    checking performed by the whois parser, it may be possible to corrupt
    memory on the system stack.  This vulnerability can be exploited by a
    remote attacker to gain root privileges on a target host.  Though,
    most probably not in Debian.
    
    The Common Vulnerabilities and Exposures (CVE) project additionally
    identified the following vulnerabilities which were already fixed in
    the Debian version in stable (woody) and oldstable (potato) and are
    mentioned here for completeness (and since other distributions had to
    release a separate advisory for them):
    
     * CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
       the get_origin function which allows attackers to execute arbitrary
       code via long WHOIS responses.
    
     * CAN-2002-1051 (BugTraq ID 4956) talks about a format string
       vulnerability that allows local users to execute arbitrary code via
       the -T (terminator) command line argument.
    
     * CAN-2002-1386 talks about a buffer overflow that may allow local
       users to execute arbitrary code via a long hostname argument.
    
     * CAN-2002-1387 talks about the spray mode that may allow local users
       to overwrite arbitrary memory locations.
    
    Fortunately, the Debian package drops privileges quite early after
    startup, so those problems aer not likely to result in an exploit on a
    Debian machine.
    
    For the current stable distribution (woody) the above problem has been
    fixed in version 6.1.1-1.2.
    For the old stable distribution (potato) the above problem has been
    fixed in version 6.0-2.2.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 6.3.0-1.
    
    We recommend that you upgrade your traceroute-nanog package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.dsc
          Size/MD5 checksum:      578 c0a65b3b527a4939ceb53195eb67078f
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.diff.gz
          Size/MD5 checksum:     6651 74ae0eb419bd8bcbcf3f0f591b1015aa
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0.orig.tar.gz
          Size/MD5 checksum:    27020 39246e5b1d44d6276489d4801c4a7bfb
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_alpha.deb
          Size/MD5 checksum:    23168 67c44d189c1c2c8384e49fda6dc25df1
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_arm.deb
          Size/MD5 checksum:    19872 4f9a429c9eb0623e02ebcf226dcfb20a
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
          Size/MD5 checksum:    18588 78445b5c9cbef332d14f22e40dce094b
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_m68k.deb
          Size/MD5 checksum:    17742 a797b9831aee1f5bdca3fa879a39fc34
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_powerpc.deb
          Size/MD5 checksum:    19550 66ccd20f5d062885425531ee141d0cf1
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_sparc.deb
          Size/MD5 checksum:    22154 623a8662411fd9a00fea53688237c60d
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.dsc
          Size/MD5 checksum:      589 d7eb4bd225e4f2fc16c021776da0c081
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.diff.gz
          Size/MD5 checksum:     6769 fbe2f9d877d77681846838bf7dea67f2
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
          Size/MD5 checksum:    27560 493e77d8cf0e86744668e3efd4622378
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_alpha.deb
          Size/MD5 checksum:    23882 82ddf32182750bc2fa044a6cf9a85733
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_arm.deb
          Size/MD5 checksum:    20374 e23517c29047740b8d8b0ae7820e10f8
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_i386.deb
          Size/MD5 checksum:    19068 2be7ec42cc04ffff294a53b3156126d2
    
      Intel IA-64 architecture:
    
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_ia64.deb
          Size/MD5 checksum:    26644 6c77e2d0deca24c66840705f790bdb80
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_hppa.deb
          Size/MD5 checksum:    21754 562203dd8680bc949e13af13665a5bf7
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_m68k.deb
          Size/MD5 checksum:    18360 511b65c864403cdd3837a5f864349244
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mips.deb
          Size/MD5 checksum:    21370 67ea3bb02eae05d9036cacd9b2077a04
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mipsel.deb
          Size/MD5 checksum:    21414 4d3606016b222a566fc9b9221b1cf7e5
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_powerpc.deb
          Size/MD5 checksum:    20320 378a7f4eaf2b14f30d8d1e97d5562bdc
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_s390.deb
          Size/MD5 checksum:    20286 3433605f96800f3028330cac370018e8
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_sparc.deb
          Size/MD5 checksum:    23038 2785266b4cd3c7c14ebd50be2095dcf4
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.