Debian DSA-330-1 : tcptraceroute - failure to drop root privileges

tcptraceroute is a setuid-root program which drops root privileges after obtaining a file descriptor used for raw packet capture. However, it did not fully relinquish all privileges, and in the event of an exploitable vulnerability, root privileges could be regained. No current exploit is known,...

CVE-2003-0489

tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute...

CVE-2003-0489

CVE-2003-0489 applies to tcptraceroute 1.4 and earlier, where the program’s privilege-dropping after obtaining a file descriptor for raw packet capture is incomplete. Several connected sources document that a local attacker could potentially access the capture descriptor via a separate vulnerabil...

CVE-2003-0489

tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute...