CVE-2008-2357 (GCVE-0-2008-2357)
Vulnerability from cvelistv5 – Published: 2008-05-21 10:00 – Updated: 2024-08-07 08:58
VLAI?
Summary
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30340"
},
{
"name": "30522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30522"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
},
{
"name": "30312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30312"
},
{
"name": "MDVSA-2008:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
},
{
"name": "29290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29290"
},
{
"name": "GLSA-200806-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "30359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30359"
},
{
"name": "mtr-splitredraw-bo(42535)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
},
{
"name": "3903",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3903"
},
{
"name": "DSA-1587",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1587"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
},
{
"name": "1020046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020046"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30340"
},
{
"name": "30522",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30522"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
},
{
"name": "30312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30312"
},
{
"name": "MDVSA-2008:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
},
{
"name": "29290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29290"
},
{
"name": "GLSA-200806-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "30359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30359"
},
{
"name": "mtr-splitredraw-bo(42535)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
},
{
"name": "3903",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3903"
},
{
"name": "DSA-1587",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1587"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
},
{
"name": "1020046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020046"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30340"
},
{
"name": "30522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30522"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded"
},
{
"name": "30312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30312"
},
{
"name": "MDVSA-2008:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176"
},
{
"name": "29290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29290"
},
{
"name": "GLSA-200806-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/3"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "30359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30359"
},
{
"name": "mtr-splitredraw-bo(42535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4"
},
{
"name": "3903",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3903"
},
{
"name": "DSA-1587",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1587"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175"
},
{
"name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/May/0488.html"
},
{
"name": "[oss-security] 20080521 Re: CVE request: mtr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1"
},
{
"name": "1020046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020046"
},
{
"name": "https://issues.rpath.com/browse/RPL-2558",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2558"
},
{
"name": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff",
"refsource": "CONFIRM",
"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2357",
"datePublished": "2008-05-21T10:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.72\", \"matchCriteriaId\": \"03F4DF3D-5E0D-4D68-B462-30308E5E13A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7853B18-8111-4D6E-9A80-AB7AAB1D66AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E9ED651-D6AC-4948-9F02-D5E20F00F0B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D1F6687-B716-4858-BE73-026BE69A0BFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1FA88B7-0254-463D-8F53-06E3D0F94019\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B06FCDB-68D7-4A90-9B9D-E68C1988AE65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71958EE1-4E50-4D48-A44A-9BBDBC51BCFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20EA1E63-4547-4341-8823-2150F1BDA9C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"374B0A57-7231-403F-B339-1F0E8051E62E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42F67AEF-6500-4C93-94AA-996AAB9D7A85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8024A2B3-3F77-4090-91F7-F3D1F36C07B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0171C37E-345A-4934-92FB-7527AAF0F737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2645AD6F-4219-42A1-AF41-D3DF3E00EC3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECBB8635-988E-4C10-B48D-F01DD480D2EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C505F066-86C8-433D-BCEE-FBCC420F6B45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12E9959F-11DD-4AA2-960A-505486E313A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"102D8451-F90A-4DCF-BD67-D80EECBF6204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04EE1273-A619-4101-8998-5B93B89D0E04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF1F3A1-6078-413A-BCE1-6586AE39D0BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFE66E77-0054-44C5-93F8-F156C02F32C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15895BE3-0E68-4BDD-9F91-E5CD0F889AAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED7EB1A-43A1-40C8-BA1C-AE826986E89A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC8D031C-EF4D-4909-AFB2-B388B463234D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3CCD558-3EB8-4541-8854-CFFE1BCE4A61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"246C99CD-B83C-4918-8283-840CE0930ED6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F65329B-2CA9-483E-BD78-EF0EFEF6FBE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"167DDB18-E0FF-4FE0-9070-CBEEF4D00AF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6585D8B7-3BD9-4577-878D-5140C6EAD16D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F2B7CF7-11D0-42EC-908E-3AD686F918BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE6AFE6B-BAE2-43A0-A969-08A0D19CA3C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9E93793-1883-4562-90AC-F054FC71F7E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1624E70-8A0F-423A-8205-7C27260C9278\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E7AEC9D-210E-45D5-92E9-76502A4088F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"378C925D-E6B2-4569-825F-1F02A1C53E17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFBDD8C1-A741-479F-A521-B5E990C83C93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A36351D6-635F-470C-B32A-AC0D81E4F6A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11C682D2-8708-449C-A195-72D609B55462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EA9A3EE-3CC8-4154-AC61-DC92B2213C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44DFA818-A31A-4D1F-8583-3BF9A8DBDE5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99B8176-7A2D-4DF6-B9EF-9F6A681BCE66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE1F33CC-1F45-439A-B082-639A1E4F8EC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88E62548-9BC1-48B4-A6DC-CAF5E5802298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D7D899-02F5-4D56-875D-56252BA6228B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5322BE5-43B4-48DA-826A-C82F78F4DE07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34BAFF2F-A106-47A6-8C9D-A5E0AB0F9320\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AA9702E-52A5-4AC3-B30B-CACEED6456F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFADC518-86EB-45EB-A65A-5065CF2984BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD3AA825-EC60-4B24-92B8-E5CB47460E94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9FE1CCC-214B-421D-8A10-039BDDFB36CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D480960D-56DF-4CD9-B088-54F5AD2EC3BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5570E29-C4CE-4161-A91B-98D3CE63BA40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBB23A6-F7D8-482E-9411-BF152F68CBFF\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de B\\u00fafer basado en pila de la funci\\u00f3n spot_redraw en split.c de mtr versiones anteriores a la 0.73, cuando se realiza una llamada a la funci\\u00f3n con la opci\\u00f3n \\u2013p (tambi\\u00e9n conocida como --split), permite a atacantes remotos ejecutar c\\u00f3digo arbitrariamente a trav\\u00e9s de registros DNS PTR manipulados. NOTA: es discutible que esta es una vulnerabilidad de la funci\\u00f3n _name_ntop en resolv/ns_name.c de glibc cuyo parche correspondiente estar\\u00eda en glibc; si as\\u00ed fuera, entonces esto no deber\\u00eda tratarse como una vulnerabilidad de mtr.\"}]",
"id": "CVE-2008-2357",
"lastModified": "2024-11-21T00:46:41.977",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
"published": "2008-05-21T13:24:00.000",
"references": "[{\"url\": \"ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/May/0488.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/30312\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30340\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30359\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30522\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30967\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200806-01.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3903\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1587\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:176\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492260/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/29290\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1020046\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42535\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2558\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/May/0488.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/30312\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30340\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30359\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200806-01.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2008/dsa-1587\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2008/05/21/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/492260/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/29290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1020046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/42535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2558\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.\\n\\nFor Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in \u0026quot;split mode\u0026quot; by providing -p or --split\\ncommand line options. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.\", \"lastModified\": \"2008-06-25T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-2357\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-05-21T13:24:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de B\u00fafer basado en pila de la funci\u00f3n spot_redraw en split.c de mtr versiones anteriores a la 0.73, cuando se realiza una llamada a la funci\u00f3n con la opci\u00f3n \u2013p (tambi\u00e9n conocida como --split), permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de registros DNS PTR manipulados. NOTA: es discutible que esta es una vulnerabilidad de la funci\u00f3n _name_ntop en resolv/ns_name.c de glibc cuyo parche correspondiente estar\u00eda en glibc; si as\u00ed fuera, entonces esto no deber\u00eda tratarse como una vulnerabilidad de mtr.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.72\",\"matchCriteriaId\":\"03F4DF3D-5E0D-4D68-B462-30308E5E13A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7853B18-8111-4D6E-9A80-AB7AAB1D66AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E9ED651-D6AC-4948-9F02-D5E20F00F0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D1F6687-B716-4858-BE73-026BE69A0BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FA88B7-0254-463D-8F53-06E3D0F94019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B06FCDB-68D7-4A90-9B9D-E68C1988AE65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71958EE1-4E50-4D48-A44A-9BBDBC51BCFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20EA1E63-4547-4341-8823-2150F1BDA9C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"374B0A57-7231-403F-B339-1F0E8051E62E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42F67AEF-6500-4C93-94AA-996AAB9D7A85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8024A2B3-3F77-4090-91F7-F3D1F36C07B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0171C37E-345A-4934-92FB-7527AAF0F737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2645AD6F-4219-42A1-AF41-D3DF3E00EC3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECBB8635-988E-4C10-B48D-F01DD480D2EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C505F066-86C8-433D-BCEE-FBCC420F6B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12E9959F-11DD-4AA2-960A-505486E313A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102D8451-F90A-4DCF-BD67-D80EECBF6204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04EE1273-A619-4101-8998-5B93B89D0E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF1F3A1-6078-413A-BCE1-6586AE39D0BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFE66E77-0054-44C5-93F8-F156C02F32C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15895BE3-0E68-4BDD-9F91-E5CD0F889AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED7EB1A-43A1-40C8-BA1C-AE826986E89A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8D031C-EF4D-4909-AFB2-B388B463234D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3CCD558-3EB8-4541-8854-CFFE1BCE4A61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"246C99CD-B83C-4918-8283-840CE0930ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F65329B-2CA9-483E-BD78-EF0EFEF6FBE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167DDB18-E0FF-4FE0-9070-CBEEF4D00AF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6585D8B7-3BD9-4577-878D-5140C6EAD16D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F2B7CF7-11D0-42EC-908E-3AD686F918BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE6AFE6B-BAE2-43A0-A969-08A0D19CA3C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9E93793-1883-4562-90AC-F054FC71F7E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1624E70-8A0F-423A-8205-7C27260C9278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E7AEC9D-210E-45D5-92E9-76502A4088F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378C925D-E6B2-4569-825F-1F02A1C53E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFBDD8C1-A741-479F-A521-B5E990C83C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A36351D6-635F-470C-B32A-AC0D81E4F6A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11C682D2-8708-449C-A195-72D609B55462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EA9A3EE-3CC8-4154-AC61-DC92B2213C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44DFA818-A31A-4D1F-8583-3BF9A8DBDE5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99B8176-7A2D-4DF6-B9EF-9F6A681BCE66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE1F33CC-1F45-439A-B082-639A1E4F8EC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88E62548-9BC1-48B4-A6DC-CAF5E5802298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D7D899-02F5-4D56-875D-56252BA6228B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5322BE5-43B4-48DA-826A-C82F78F4DE07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34BAFF2F-A106-47A6-8C9D-A5E0AB0F9320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA9702E-52A5-4AC3-B30B-CACEED6456F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFADC518-86EB-45EB-A65A-5065CF2984BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD3AA825-EC60-4B24-92B8-E5CB47460E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9FE1CCC-214B-421D-8A10-039BDDFB36CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D480960D-56DF-4CD9-B088-54F5AD2EC3BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5570E29-C4CE-4161-A91B-98D3CE63BA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBB23A6-F7D8-482E-9411-BF152F68CBFF\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/May/0488.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/30312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30340\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30522\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30967\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-01.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3903\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1587\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:176\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/492260/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/29290\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020046\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42535\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2558\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/May/0488.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/30312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200806-01.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2008/dsa-1587\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2008/05/21/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/492260/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/29290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/42535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.\\n\\nFor Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in \u0026quot;split mode\u0026quot; by providing -p or --split\\ncommand line options. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.\",\"lastModified\":\"2008-06-25T00:00:00\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…