Debian Security Bug TrackerDEBIANCVE:CVE-2008-2357CVE-2008-2357
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
95.5%
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | mtr | < 0.73-1 | mtr_0.73-1_all.deb |
| Debian | 11 | all | mtr | < 0.73-1 | mtr_0.73-1_all.deb |
| Debian | 999 | all | mtr | < 0.73-1 | mtr_0.73-1_all.deb |
| Debian | 13 | all | mtr | < 0.73-1 | mtr_0.73-1_all.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
95.5%