PT-2001-1104 · Linux+1 · Linux+1

Published

2001-03-12

Updated

2016-10-18

CVE-2000-0314

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions NetBSD version 1.3.3 Linux systems (affected versions not specified)

Description The issue allows local users to flood other systems by exploiting the traceroute command. This is achieved by providing a large waittime option, which is not properly parsed and results in setting the time delay for sending packets to zero.

Recommendations For NetBSD version 1.3.3, avoid using the -w option with large values in the traceroute command until a fix is available. For Linux systems, restrict the use of the traceroute command with the -w option to prevent flooding attacks, and consider implementing rate limiting on outgoing packets.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0314

Affected Products

Linux

Netbsd

PT-2001-1104 · Linux+1 · Linux+1

CVE-2000-0314

Related Identifiers

Affected Products

References · 4