Vulnerability Details CVE-2008-2357
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.076
EPSS Ranking 91.4%
CVSS Severity
CVSS v2 Score 6.8
Products affected by CVE-2008-2357
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70
- cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71