Upstream information

CVE-2008-2357 at MITRE

Description

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 392458 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise SDK 10 SP2
  • mtr >= 0.69-18.7
  • mtr-gtk >= 0.69-18.7
sle10-sp1-sdk.ia64
sle10-sp2-sdk.x86-64
sles10-sp2.x86
sles10.s390x
sle10-sp1-sdk.ppc
sles10.x86-64
sle10-sp2-sdk.s390x
sles10-sp2.ppc
sles10-sp2.s390x
sles10-sp2.ia64
sle10-sp2-sdk.ppc
sle10-sp2-sdk.x86
sles10.ppc
sle10-sp1-sdk.s390x
sles10.ia64
sle10-sp1-sdk.x86
sles10.x86
sle10-sp2-sdk.ia64
sles10-sp2.x86-64
sle10-sp1-sdk.x86-64
ZYPP Patch Nr: 5291