CVE-2008-2357

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/fulldisclosure/2008/May/0488.html	Exploit
http://www.openwall.com/lists/oss-security/2008/05/21/1
http://www.openwall.com/lists/oss-security/2008/05/21/3
http://www.openwall.com/lists/oss-security/2008/05/21/4
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
https://issues.rpath.com/browse/RPL-2558
http://secunia.com/advisories/30312	Vendor Advisory
http://www.debian.org/security/2008/dsa-1587
http://www.securityfocus.com/bid/29290
http://www.securitytracker.com/id?1020046
http://secunia.com/advisories/30340
http://security.gentoo.org/glsa/glsa-200806-01.xml
http://secunia.com/advisories/30522
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
http://secunia.com/advisories/30967
http://securityreason.com/securityalert/3903
http://secunia.com/advisories/30359
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
http://www.securityfocus.com/archive/1/492260/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr::::::::
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:::::::*
	cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:::::::*

Information

Published : 2008-05-21 06:24

Updated : 2018-10-11 13:40

NVD link : CVE-2008-2357

Mitre link : CVE-2008-2357

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

matt_kimball_and_roger_wolff

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/fulldisclosure/2008/May/0488.html", "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", "tags": ["Exploit"], "refsource": "FULLDISC"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1", "name": "[oss-security] 20080521 Re: CVE request: mtr", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/3", "name": "[oss-security] 20080521 Re: CVE request: mtr", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4", "name": "[oss-security] 20080521 Re: CVE request: mtr", "tags": [], "refsource": "MLIST"}, {"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", "name": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", "tags": [], "refsource": "CONFIRM"}, {"url": "https://issues.rpath.com/browse/RPL-2558", "name": "https://issues.rpath.com/browse/RPL-2558", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/30312", "name": "30312", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2008/dsa-1587", "name": "DSA-1587", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.securityfocus.com/bid/29290", "name": "29290", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1020046", "name": "1020046", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/30340", "name": "30340", "tags": [], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml", "name": "GLSA-200806-01", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/30522", "name": "30522", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html", "name": "SUSE-SR:2008:014", "tags": [], "refsource": "SUSE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176", "name": "MDVSA-2008:176", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/30967", "name": "30967", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3903", "name": "3903", "tags": [], "refsource": "SREASON"}, {"url": "http://secunia.com/advisories/30359", "name": "30359", "tags": [], "refsource": "SECUNIA"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535", "name": "mtr-splitredraw-bo(42535)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded", "name": "20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv.", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2357", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-05-21T13:24Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.72"}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:40Z"}

6.8 /10