[MBT] new ticket for pkg traceroute "Possible access to raw IP socket"
bugs at pld-linux.org
bugs at pld-linux.org
Wed Jan 28 16:03:35 CET 2004
Date: 2004-01-28 16:03:35+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Possible access to raw IP socket
Ticket ID: #813
Ticket URL: http://bugs.pld-linux.org/?bug=813
Package: traceroute-1:1.4a12-8
Distribution: PLD-1.0.updates.general
Category: security problem
Current state: opened
Text:
This one is from SuSE-SA:2003:035:
They mention the following (scroll below in that advisory):
- traceroute(-nanog)
A integer overflow in traceroute can be abused by local attackers
to gain access to a raw IP socket.
New packages are available on out FTP servers.
I *think* this applies to traceroute-nanog, but since they put it in brackets, maybe also to traceroute itself.
Sorry for not providing more details.
More information about the pld-bugs
mailing list