PT-2004-2172 · Mtr · Mtr

Publicado

2004-12-15

Atualizado

2017-07-11

CVE-2004-1224

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: mtr versions 0.55 through 0.65

Description: The issue is caused by an off-by-one error in the mtr curses keyaction function. This error allows local users to hijack raw sockets. The "s" keybinding is used as an example to demonstrate this issue, which results in a buffer without a NULL terminator.

Recommendations: For mtr versions 0.55 through 0.65, update to a version that fixes the off-by-one error in the mtr curses keyaction function to prevent local users from hijacking raw sockets.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1224

Produtos afetados

Mtr

PT-2004-2172 · Mtr · Mtr

CVE-2004-1224

Identificadores relacionados

Produtos afetados

Referências · 6