GFI LANguard - Vulnerability scanning and patch management. Download a free trial!

Main Menu

Free Services

Critical Alerts

- 28 May 2008

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

 

- 11 Mar 2008

Microsoft Excel Multiple Remote Code Execution Vulnerabilities

 

- 16 Jan 2008

Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

- 13 Dec 2007

JustSystems Ichitaro "JSGCI.DLL" Document Processing Remote Buffer Overflow Vulnerability

 

- 11 Dec 2007

Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Advisories » Mtr "split_redraw()" Remote Buffer Overflow Vulnerability

 

Release Date: 20/05/2008 Severity: Less Critical Less Critical
SecWatch Advisory: SWID1021242 Cause: Boundary error
Solution Status: Vendor Patch Impact: Execution of arbitrary code
Exploit Status: None Available Access Vector: From local network
 
Affected Software: mtr 0.x
 
Original Advisory: http://seclists.org/fulldisclosure/2008/May/0488.html
CVE: CVE-2008-2357
Secunia: SA30312
Bugtraq ID: BID#29290

 

Description:

A vulnerability in Mtr has been reported, which potentially can be exploited by local network users to compromise a user's system.

A boundary error exists handling resolved hostnames in the "split_redraw()" function iwithn split.c, which can be exploited to cause a stack-based buffer overflow and lead to the possible execution of arbitrary code.

Note: Successful exploitation requires that the "-p" (or "--split") command line option is used.

 

Affected:

Mtr version 0.72. Prior versions may also be affected.

 

Solution:

The vulnerability has been fixed in version 0.73.

 

Credits:

Adam Zabrocki

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.