Traceroute-nanog Update for Debian
Posted on: 02/28/2003 12:50 AM

A new security update for Debian GNU/Linux is available:

DSA-254-1 traceroute-nanog -- buffer overflow

A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.

Read more




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/traceroute_nanog_update_for_debian.html)