Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Potential security problem with mtr - fixed
From: jeffd () EVCOM NET (Jeff Dafoe)
Date: Mon, 6 Mar 2000 10:24:56 -0500

The mtr developers have been contacted on the address supplied with
the code, but no reply has been received.

The remedy to this problem is very simple: the call to seteuid()
should be replaced with a call to setuid(). Apply the following
diff to mtr.c
in the mtr distribution.

From /usr/doc/mtr/changelog.Debian.gz:

mtr (0.28-1) stable; urgency=high

  * Security fix for theoretical stack-smash-and-fork attack -
    s/seteuid/setuid/ in mtr.c

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]