Lucene search
HistoryJan 02, 2003 - 5:00 a.m.
CVE-2002-1387
cve-2002-1387
traceroute-nanog
array index overflow
memory overwrite
nprobes
security vulnerability
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument.
Affected configurations
Node
ehud_gavrontracesrouteMatch6.0
ORehud_gavrontracesrouteMatch6.1
ORehud_gavrontracesrouteMatch6.1.1
Related
cvelist
cvelist
CVE-2002-1387
2002-12-31 05:00:00
nvd
nvd
CVE-2002-1387
2003-01-02 05:00:00
nessus
nessus
Debian DSA-254-1 : traceroute-nanog - buffer overflow
2004-09-29 00:00:00
debian
debian
[SECURITY] [DSA 254-1] New NANOG traceroute packages fix buffer overflow
2003-02-27 14:45:59
[SECURITY] [DSA 254-1] New NANOG traceroute packages fix buffer overflow
2003-02-27 14:45:59
openvas
openvas
Debian Security Advisory DSA 254-1 (traceroute-nanog)
2008-01-17 00:00:00
Debian Security Advisory DSA 254-1 (traceroute-nanog)
2008-01-17 00:00:00
osv
osv
traceroute-nanog - buffer overflow
2003-02-27 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2002-1387