TrACESroute NANOG implementation integer overflow

tracesroute-nanog-integer-overflow (12400) The risk level is classified as HighHigh Risk

Description:

The NANOG implementation included with TrACESroute is vulnerable to an integer overflow, caused by improper bounds checking of the max_ttl and nprobes values. A local attacker can exploit this vulnerability to overflow a buffer and possibly execute code on the system with elevated privileges.


Consequences:

Gain Privileges

Remedy:

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest traceroute-nanog package (6.1.1-1.3 or later), as listed in DSA 348-1. See References.

References:

  • BugTraq Mailing List, Fri Jun 20 2003 - 01:09:30 CDT : BAZARR FAREWELL.
  • DSA 348-1: traceroute-nanog.
  • BID-7994: Traceroute-Nanog Integer Overflow Memory Corruption Vulnerability
  • CVE-2003-0453: traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain nprobes and max_ttl arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.
  • DSA-348: traceroute-nanog -- integer overflow
  • OSVDB ID: 4634: NANOG traceroute max_ttl Arbitrary Memory Overwrite
  • OSVDB ID: 4635: NANOG traceroute nprobes Arbitrary Memory Overwrite

Platforms Affected:

  • Debian Debian Linux 3.0
  • Ehud Gavron TrACESroute 6.1.1

Reported:

Jun 20, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page