The security problem in the traceroute program as shipped with SuSE Linux distributions is completely different from the one reported on security mailing lists a few days ago (`traceroute -g 1 -g 1’) by Pekka Savola <pekkas@xxxxxxxxxx>. SuSE distributions do not contain this particular traceroute implementation. The problem in our traceroute was discovered independently and reported to us by H D Moore <hdm@xxxxxxxxxxxxxxxx>. The problem in the implementation of traceroute that we ship is a format string parsing bug in a routine that can be used to terminate a line in traceroute’s output to easily embed the program in cgi scripts as used for web frontends for traceroute. Using a specially crafted sequence of characters on the commandline, it is possile to trick the traceroute program into running arbitrary code as root.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 6.4 | ppc | nkitb | < 2000.10.4-0 | nkitb-2000.10.4-0.ppc.rpm |
openSUSE | 7.0 | i386 | nkitb | < 2000.10.4-0 | nkitb-2000.10.4-0.i386.rpm |
openSUSE | 6.3 | alpha | nkita | < 2000.10.4-0 | nkita-2000.10.4-0.alpha.rpm |
openSUSE | 6.3 | i386 | nkita | < 2000.10.4-0 | nkita-2000.10.4-0.i386.rpm |
openSUSE | 6.2 | i386 | nkita | < 2000.10.4-0 | nkita-2000.10.4-0.i386.rpm |
openSUSE | 6.1 | i386 | nkita | < 2000.10.4-0 | nkita-2000.10.4-0.i386.rpm |
openSUSE | 7.0 | sparc | nkitb | < 2000.10.4-0 | nkitb-2000.10.4-0.sparc.rpm |
openSUSE | 7.0 | ppc | nkitb | < 2000.10.5-0 | nkitb-2000.10.5-0.ppc.rpm |
openSUSE | 6.4 | i386 | nkitb | < 2000.7.11-0 | nkitb-2000.7.11-0.i386.rpm |
openSUSE | 6.4 | alpha | nkitb | < 2000.10.4-0 | nkitb-2000.10.4-0.alpha.rpm |