1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
PublicDate: 2008-05-21
Candidate: CVE-2008-2357
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357
Description:
Stack-based buffer overflow in the split_redraw function in split.c in mtr
before 0.73, when invoked with the -p (aka --split) option, allows remote
attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it
could be argued that this is a vulnerability in the ns_name_ntop function
in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so,
then this should not be treated as a vulnerability in mtr.
Ubuntu-Description:
Notes:
Bugs:
https://launchpad.net/bugs/206071
Priority: low
Discovered-by:
Assigned-to:
Patches_mtr:
upstream_mtr: released (0.73)
dapper_mtr: ignored (reached end-of-life)
feisty_mtr: needed (reached end-of-life)
gutsy_mtr: needed (reached end-of-life)
hardy_mtr: not-affected
intrepid_mtr: not-affected
jaunty_mtr: not-affected
karmic_mtr: not-affected
lucid_mtr: not-affected
maverick_mtr: not-affected
natty_mtr: not-affected
devel_mtr: not-affected
|