Traceroute could be made to execute arbitrary commands.
Software Description:
- traceroute: Traces the route taken by packets over an IPv4/IPv6 network
Details:
It was discovered that Traceroute did not properly parse command
line arguments. An attacker could possibly use this issue to
execute arbitrary commands.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): traceroute 1:2.1.0-2ubuntu0.22.04.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): traceroute 1:2.1.0-2ubuntu0.20.04.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): traceroute 1:2.1.0-2ubuntu0.18.04.1~esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): traceroute 1:2.0.21-1ubuntu0.1~esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro): traceroute 1:2.0.20-0ubuntu0.1+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6478-1
CVE-2023-46316
Get the latest Linux and open source security news straight to your inbox.