CVE-2003-0489

Name of the Vulnerable Software and Affected Versions tcptraceroute versions 1.4 and earlier

Description The issue concerns a problem where tcptraceroute does not fully drop privileges after obtaining a file descriptor for capturing packets. This may allow local users to gain access to the descriptor via a separate issue in tcptraceroute. Additionally, there are multiple vulnerabilities in the tcptraceroute package that can lead to breaches of confidentiality, integrity, and availability of protected information, potentially exploitable by a local attacker.

Recommendations For tcptraceroute versions 1.4 and earlier, consider restricting access to the packet capture functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.