--------------------------------------------------------------------------
Debian Security Advisory DSA 254-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
February 27th, 2003                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : traceroute-nanog
Vulnerability  : buffer overflow
Problem-Type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387
BugTraq Id     : 4956 6166 6274 6275

A vulnerability has been discovered in NANOG traceroute, an enhanced
version of the Van Jacobson/BSD traceroute program.  A buffer overflow
occurs in the 'get_origin()' function.  Due to insufficient bounds
checking performed by the whois parser, it may be possible to corrupt
memory on the system stack.  This vulnerability can be exploited by a
remote attacker to gain root privileges on a target host, though
most probably not in Debian.

The Common Vulnerabilities and Exposures (CVE) project additionally
identified the following vulnerabilities which were already fixed in
the Debian version in stable (woody) and oldstable (potato) and are
mentioned here for completeness (and since other distributions had to
release a separate advisory for them):

 * CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
   the get_origin function which allows attackers to execute arbitrary
   code via long WHOIS responses.

 * CAN-2002-1051 (BugTraq ID 4956) talks about a format string
   vulnerability that allows local users to execute arbitrary code via
   the -T (terminator) command line argument.

 * CAN-2002-1386 talks about a buffer overflow that may allow local
   users to execute arbitrary code via a long hostname argument.

 * CAN-2002-1387 talks about the spray mode that may allow local users
   to overwrite arbitrary memory locations.

Fortunately, the Debian package drops privileges quite early after
startup, so those problems are not likely to result in an exploit on a
Debian machine.
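
The length check whose absence the get_origin() overflow described above
comes down to, shown as an added example (not NANOG traceroute's code and
not part of the advisory).  parse_origin, ORIGIN_MAX and the sample reply
are hypothetical names and constructed data, and the WHOIS key is assumed
to be the lowercase "origin:".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define ORIGIN_MAX 16  /* assumed capacity for an AS identifier such as "AS64500" */

/* Constructed sample WHOIS reply (not captured traffic). */
static const char SAMPLE_OK[] =
    "route:  192.0.2.0/24\norigin:   AS64500\r\nsource: TEST\n";

/* Hypothetical helper, not the real get_origin(): copy the value of the
 * first "origin:" line of an untrusted WHOIS reply into out[outsz].
 * Returns 0 on success, -1 if there is no origin line, -2 if the value
 * does not fit (rejected rather than truncated or overflowed). */
int parse_origin(const char *reply, size_t replylen, char *out, size_t outsz)
{
    static const char key[] = "origin:";
    const size_t keylen = sizeof key - 1;
    const char *p = reply, *end = reply + replylen;
    if (outsz == 0)
        return -2;
    out[0] = '\0';
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (eol == NULL)
            eol = end;                      /* last line has no newline */
        if ((size_t)(eol - p) >= keylen && memcmp(p, key, keylen) == 0) {
            const char *v = p + keylen, *ve = eol;
            while (v < eol && (*v == ' ' || *v == '\t'))
                v++;                        /* skip padding after the key */
            while (ve > v && isspace((unsigned char)ve[-1]))
                ve--;                       /* trim trailing CR and blanks */
            if ((size_t)(ve - v) >= outsz)
                return -2;                  /* length checked before any copy */
            memcpy(out, v, (size_t)(ve - v));
            out[ve - v] = '\0';
            return 0;
        }
        p = (eol < end) ? eol + 1 : end;
    }
    return -1;
}

int main(void)
{
    char as[ORIGIN_MAX];
    int rc = parse_origin(SAMPLE_OK, sizeof SAMPLE_OK - 1, as, sizeof as);
    printf("rc=%d origin=%s\n", rc, as);
    return rc == 0 ? 0 : 1;
}
```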

For the current stable distribution (woody) the above problem has been
fixed in version 6.1.1-1.2.
For the old stable distribution (potato) the above problem has been
fixed in version 6.0-2.2.

For the unstable distribution (sid) these problems have been fixed in
version 6.3.0-1.

We recommend that you upgrade your traceroute-nanog package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives and binary packages for the Alpha, ARM, Intel IA-32,
  Motorola 680x0, PowerPC and Sun Sparc architectures.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives and binary packages for the Alpha, ARM, Intel IA-32,
  Intel IA-64, HP Precision, Motorola 680x0, Big endian MIPS, Little
  endian MIPS, PowerPC, IBM S/390 and Sun Sparc architectures.

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/


Debian: NANOG traceroute buffer overflow vulnerability

February 27, 2003
Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack.
