Lucene search

K
debianDebianDEBIAN:DSA-254-1:683D7
HistoryFeb 27, 2003 - 2:45 p.m.

[SECURITY] [DSA 254-1] New NANOG traceroute packages fix buffer overflow

2003-02-2714:45:59
lists.debian.org
8

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C


Debian Security Advisory DSA 254-1 [email protected]
http://www.debian.org/security/ Martin Schulze
February 27th, 2003 http://www.debian.org/security/faq


Package : traceroute-nanog
Vulnerability : buffer overflow
Problem-Type : local, remote
Debian-specific: no
CVE Id : CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387
BugTraq Id : 4956 6166 6274 6275

A vulnerability has been discovered in NANOG traceroute, an enhanced
version of the Van Jacobson/BSD traceroute program. A buffer overflow
occurs in the 'get_origin()' function. Due to insufficient bounds
checking performed by the whois parser, it may be possible to corrupt
memory on the system stack. This vulnerability can be exploited by a
remote attacker to gain root privileges on a target host. Though,
most probably not in Debian.

The Common Vulnerabilities and Exposures (CVE) project additionally
identified the following vulnerabilities which were already fixed in
the Debian version in stable (woody) and oldstable (potato) and are
mentioned here for completeness (and since other distributions had to
release a separate advisory for them):

  • CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
    the get_origin function which allows attackers to execute arbitrary
    code via long WHOIS responses.

  • CAN-2002-1051 (BugTraq ID 4956) talks about a format string
    vulnerability that allows local users to execute arbitrary code via
    the -T (terminator) command line argument.

  • CAN-2002-1386 talks about a buffer overflow that may allow local
    users to execute arbitrary code via a long hostname argument.

  • CAN-2002-1387 talks about the spray mode that may allow local users
    to overwrite arbitrary memory locations.

Fortunately, the Debian package drops privileges quite early after
startup, so those problems aer not likely to result in an exploit on a
Debian machine.

For the current stable distribution (woody) the above problem has been
fixed in version 6.1.1-1.2.

For the old stable distribution (potato) the above problem has been
fixed in version 6.0-2.2.

For the unstable distribution (sid) these problems have been fixed in
version 6.3.0-1.

We recommend that you upgrade your traceroute-nanog package.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato


Source archives:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.dsc
  Size/MD5 checksum:      578 c0a65b3b527a4939ceb53195eb67078f
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.diff.gz
  Size/MD5 checksum:     6651 74ae0eb419bd8bcbcf3f0f591b1015aa
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0.orig.tar.gz
  Size/MD5 checksum:    27020 39246e5b1d44d6276489d4801c4a7bfb

Alpha architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_alpha.deb
  Size/MD5 checksum:    23168 67c44d189c1c2c8384e49fda6dc25df1

ARM architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_arm.deb
  Size/MD5 checksum:    19872 4f9a429c9eb0623e02ebcf226dcfb20a

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
  Size/MD5 checksum:    18588 78445b5c9cbef332d14f22e40dce094b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_m68k.deb
  Size/MD5 checksum:    17742 a797b9831aee1f5bdca3fa879a39fc34

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_powerpc.deb
  Size/MD5 checksum:    19550 66ccd20f5d062885425531ee141d0cf1

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_sparc.deb
  Size/MD5 checksum:    22154 623a8662411fd9a00fea53688237c60d

Debian GNU/Linux 3.0 alias woody


Source archives:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.dsc
  Size/MD5 checksum:      589 d7eb4bd225e4f2fc16c021776da0c081
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.diff.gz
  Size/MD5 checksum:     6769 fbe2f9d877d77681846838bf7dea67f2
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
  Size/MD5 checksum:    27560 493e77d8cf0e86744668e3efd4622378

Alpha architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_alpha.deb
  Size/MD5 checksum:    23882 82ddf32182750bc2fa044a6cf9a85733

ARM architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_arm.deb
  Size/MD5 checksum:    20374 e23517c29047740b8d8b0ae7820e10f8

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_i386.deb
  Size/MD5 checksum:    19068 2be7ec42cc04ffff294a53b3156126d2

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_ia64.deb
  Size/MD5 checksum:    26644 6c77e2d0deca24c66840705f790bdb80

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_hppa.deb
  Size/MD5 checksum:    21754 562203dd8680bc949e13af13665a5bf7

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_m68k.deb
  Size/MD5 checksum:    18360 511b65c864403cdd3837a5f864349244

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mips.deb
  Size/MD5 checksum:    21370 67ea3bb02eae05d9036cacd9b2077a04

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mipsel.deb
  Size/MD5 checksum:    21414 4d3606016b222a566fc9b9221b1cf7e5

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_powerpc.deb
  Size/MD5 checksum:    20320 378a7f4eaf2b14f30d8d1e97d5562bdc

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_s390.deb
  Size/MD5 checksum:    20286 3433605f96800f3028330cac370018e8

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_sparc.deb
  Size/MD5 checksum:    23038 2785266b4cd3c7c14ebd50be2095dcf4

These files will probably be moved into the stable distribution on
its next revision.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3alltraceroute-nanog< 6.1.1-1.2traceroute-nanog_6.1.1-1.2_all.deb

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for DEBIAN:DSA-254-1:683D7