ID CVE-2002-0497
Summary Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
References
Vulnerable Configurations
  • cpe:2.3:a:mtr:mtr:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:mtr:mtr:0.41:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 05-09-2008 - 20:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 4217
bugtraq 20020306 mtr 0.45, 0.46
debian DSA-124
xf mtr-options-bo(8367)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 05-09-2008 - 20:28
Published 12-08-2002 - 04:00
Last modified 05-09-2008 - 20:28
Back to Top