MTR Local Buffer Overflow Vulnerability
Release date: 2002-02-27
Last updated: 2002-03-07
Affected systems:
MTR MTR 0.45
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- FreeBSD 4.5
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6 x86
- Sun Solaris 2.6
MTR MTR 0.46
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- FreeBSD 4.5
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 x86
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6 x86
- Sun Solaris 2.6
Unaffected systems:
MTR MTR 0.47
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- FreeBSD 4.5
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 x86
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0
- RedHat Linux 7.0 x86
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.6 x86
Description:
BUGTRAQ ID: 4217
CVE(CAN) ID: CVE-2002-0497
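MTR is a free, open-source application that combines the functionality of traceroute and ping.
MTR has a local buffer overflow vulnerability.
When processing the MTR_OPTIONS environment variable, MTR lacks sufficient bounds checking, which results in a local buffer overflow. The program is setuid-to-root, so this potentially allows an attacker to gain root privileges.
<*Source: Damian Gryski (dgryski@uwaterloo.ca)
*>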
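Recommendations:
Temporary workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:
* Temporarily remove the suid root bit from the MTR program.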
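One way to audit for and apply this workaround, as an added example that is not part of the original advisory. The function names and the extra sbin directories searched are assumptions; pass explicit paths if mtr is installed elsewhere.

```sh
# has_setuid FILE: true when FILE is a regular file with the set-user-ID bit.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# mtr_candidates: print every file named "mtr" found in PATH plus a few
# sbin directories (assumed install locations), one per line, deduplicated.
mtr_candidates() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH /usr/sbin /usr/local/sbin /sbin; do
        [ -n "$dir" ] && [ -f "$dir/mtr" ] && printf '%s\n' "$dir/mtr"
    done | sort -u
    IFS=$old_ifs
}

# audit_mtr_suid [--fix] [FILE ...]: report the setuid state of each FILE
# (default: the output of mtr_candidates; paths with spaces must be passed
# explicitly). With --fix, clear only the setuid bit and keep the rest of
# the mode. Returns 1 if any file is still setuid afterwards, 0 otherwise.
audit_mtr_suid() {
    fix=0; remaining=0
    if [ "${1:-}" = "--fix" ]; then fix=1; shift; fi
    if [ "$#" -eq 0 ]; then
        set -- $(mtr_candidates)
    fi
    for f in "$@"; do
        if ! has_setuid "$f"; then
            echo "ok: $f is not setuid"
            continue
        fi
        echo "setuid: $(ls -ld -- "$f")"
        if [ "$fix" -eq 1 ] && chmod u-s -- "$f" && ! has_setuid "$f"; then
            echo "fixed: cleared setuid bit on $f"
        else
            remaining=1
        fi
    done
    return "$remaining"
}
```

Run `audit_mtr_suid` first to see what is installed, then `audit_mtr_suid --fix` as root; the nonzero return in report-only mode makes it usable as a check in a host audit script.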
Vendor patch:
MTR
---
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's site:
mtr Upgrade mtr-0.47.tar.gz
ftp://ftp.bitwizard.nl/mtr/mtr-0.47.tar.gz