LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 22nd, 2014
Linux Advisory Watch: September 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: NANOG traceroute buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack.

--------------------------------------------------------------------------
Debian Security Advisory DSA 254-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
February 27th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : traceroute-nanog
Vulnerability  : buffer overflow
Problem-Type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387
BugTraq Id     : 4956 6166 6274 6275

A vulnerability has been discovered in NANOG traceroute, an enhanced
version of the Van Jacobson/BSD traceroute program.  A buffer overflow
occurs in the 'get_origin()' function.  Due to insufficient bounds
checking performed by the whois parser, it may be possible to corrupt
memory on the system stack.  This vulnerability can be exploited by a
remote attacker to gain root privileges on a target host.  Though,
most probably not in Debian.

The Common Vulnerabilities and Exposures (CVE) project additionally
identified the following vulnerabilities which were already fixed in
the Debian version in stable (woody) and oldstable (potato) and are
mentioned here for completeness (and since other distributions had to
release a separate advisory for them):

 * CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
   the get_origin function which allows attackers to execute arbitrary
   code via long WHOIS responses.

 * CAN-2002-1051 (BugTraq ID 4956) talks about a format string
   vulnerability that allows local users to execute arbitrary code via
   the -T (terminator) command line argument.

 * CAN-2002-1386 talks about a buffer overflow that may allow local
   users to execute arbitrary code via a long hostname argument.

 * CAN-2002-1387 talks about the spray mode that may allow local users
   to overwrite arbitrary memory locations.

Fortunately, the Debian package drops privileges quite early after
startup, so those problems aer not likely to result in an exploit on a
Debian machine.

For the current stable distribution (woody) the above problem has been
fixed in version 6.1.1-1.2.
For the old stable distribution (potato) the above problem has been
fixed in version 6.0-2.2.

For the unstable distribution (sid) these problems have been fixed in
version 6.3.0-1.

We recommend that you upgrade your traceroute-nanog package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.dsc
      Size/MD5 checksum:      578 c0a65b3b527a4939ceb53195eb67078f
     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.diff.gz
      Size/MD5 checksum:     6651 74ae0eb419bd8bcbcf3f0f591b1015aa
     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0.orig.tar.gz
      Size/MD5 checksum:    27020 39246e5b1d44d6276489d4801c4a7bfb

  Alpha architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_alpha.deb
      Size/MD5 checksum:    23168 67c44d189c1c2c8384e49fda6dc25df1

  ARM architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_arm.deb
      Size/MD5 checksum:    19872 4f9a429c9eb0623e02ebcf226dcfb20a

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
      Size/MD5 checksum:    18588 78445b5c9cbef332d14f22e40dce094b

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_m68k.deb
      Size/MD5 checksum:    17742 a797b9831aee1f5bdca3fa879a39fc34

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_powerpc.deb
      Size/MD5 checksum:    19550 66ccd20f5d062885425531ee141d0cf1

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_sparc.deb
      Size/MD5 checksum:    22154 623a8662411fd9a00fea53688237c60d


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.dsc
      Size/MD5 checksum:      589 d7eb4bd225e4f2fc16c021776da0c081
     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.diff.gz
      Size/MD5 checksum:     6769 fbe2f9d877d77681846838bf7dea67f2
     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
      Size/MD5 checksum:    27560 493e77d8cf0e86744668e3efd4622378

  Alpha architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_alpha.deb
      Size/MD5 checksum:    23882 82ddf32182750bc2fa044a6cf9a85733

  ARM architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_arm.deb
      Size/MD5 checksum:    20374 e23517c29047740b8d8b0ae7820e10f8

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_i386.deb
      Size/MD5 checksum:    19068 2be7ec42cc04ffff294a53b3156126d2

  Intel IA-64 architecture:


     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_ia64.deb
      Size/MD5 checksum:    26644 6c77e2d0deca24c66840705f790bdb80

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_hppa.deb
      Size/MD5 checksum:    21754 562203dd8680bc949e13af13665a5bf7

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_m68k.deb
      Size/MD5 checksum:    18360 511b65c864403cdd3837a5f864349244

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mips.deb
      Size/MD5 checksum:    21370 67ea3bb02eae05d9036cacd9b2077a04

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mipsel.deb
      Size/MD5 checksum:    21414 4d3606016b222a566fc9b9221b1cf7e5

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_powerpc.deb
      Size/MD5 checksum:    20320 378a7f4eaf2b14f30d8d1e97d5562bdc

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_s390.deb
      Size/MD5 checksum:    20286 3433605f96800f3028330cac370018e8

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_sparc.deb
      Size/MD5 checksum:    23038 2785266b4cd3c7c14ebd50be2095dcf4


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Snowden: New Zealand Is Spying, Too
DDoS attackers turn fire on ISPs and gaming servers
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.