PT-2004-2172 · Mtr · Mtr

Published: 2004-12-15 · Updated: 2017-07-11 · CVE-2004-1224

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: mtr versions 0.55 through 0.65
Description: An off-by-one error in the mtr_curses_keyaction function allows local users to hijack raw sockets. The issue is demonstrated with the "s" keybinding, which leaves a buffer without a NULL terminator.
Recommendations: Update mtr versions 0.55 through 0.65 to a version that fixes the off-by-one error in the mtr_curses_keyaction function, so that local users cannot hijack raw sockets.

Fix


Related Identifiers

CVE-2004-1224

Affected Products

Mtr