Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053399HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 124-1 (mtr)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
5.1%
The remote host is missing an update to mtr
announced via advisory DSA 124-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53399");
script_cve_id("CVE-2002-0497");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_name("Debian Security Advisory DSA 124-1 (mtr)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20124-1");
script_tag(name:"insight", value:"The authors of mtr released a new upstream version, noting a
non-exploitable buffer overflow in their ChangeLog. Przemyslaw
Frasunek, however, found an easy way to exploit this bug, which allows
an attacker to gain access to the raw socket, which makes IP spoofing
and other malicious network activity possible.
The problem has been fixed by the Debian maintainer in version 0.41-6
for the stable distribution of Debian by backporting the upstream fix
and in version 0.48-1 for the testing/unstable distribution.");
script_tag(name:"solution", value:"We recommend that you upgrade your mtr package immediately.");
script_tag(name:"summary", value:"The remote host is missing an update to mtr
announced via advisory DSA 124-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"mtr", ver:"0.41-6", rls:"DEB2.2")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
nessus
nessus
Debian DSA-124-1 : mtr - buffer overflow
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 124-1 (mtr)
2008-01-17 00:00:00
cvelist
cvelist
CVE-2002-0497
2003-04-02 05:00:00
redhatcve
redhatcve
CVE-2002-0497
2015-10-30 09:33:38
nvd
nvd
CVE-2002-0497
2002-08-12 04:00:00
cve
cve
CVE-2002-0497
2003-04-02 05:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
7.2
Confidence
Low
EPSS
0
Percentile
5.1%
Related for OPENVAS:136141256231053399