Mtr Security Vulnerabilities - February

CVE-2000-0172

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.

CVE-2008-2357

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function i...