• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Traceroute-nanog Local Buffer Overflow Vulnerability

Solution:
The vendor has released fixes addressing this issue. Users are advised to upgrade to the latest packages.

It has been reported that the fixes made available by SuSE do not fix the vulnerability, but instead remove root privileges from the executable. Remote code execution may be possible if an attacker controls the resolving host.

Fixes:


Ehud Gavron TrACESroute 6.0

• Debian traceroute-nanog_6.0-2.2_alpha.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_alpha.deb


• Debian traceroute-nanog_6.0-2.2_arm.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_arm.deb


• Debian traceroute-nanog_6.0-2.2_i386.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_i386.deb


• Debian traceroute-nanog_6.0-2.2_m68k.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_m68k.deb


• Debian traceroute-nanog_6.0-2.2_powerpc.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_powerpc.deb


• Debian traceroute-nanog_6.0-2.2_sparc.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.0-2.2_sparc.deb


• SuSE nkitb-2002.11.6-0.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/nkitb-2002.11.6-0.alpha. rpm


• SuSE nkitb-2002.11.6-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2002.11.6-0.i386. rpm


• SuSE nkitb-2002.11.6-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2002.11.6-0.ppc.rp m


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/nkitb-2002.11.6-0.src.r pm


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2002.11.6-0.src. rpm


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2002.11.6-0.src.r pm


• SuSE traceroute-6.0-0.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/traceroute-6.0-0.alpha.r pm


• SuSE traceroute-6.0-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/traceroute-6.0-0.i386.r pm


• SuSE traceroute-6.0-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/traceroute-6.0-0.ppc.rpm


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/traceroute-6.0-0.src.rp m


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/traceroute-6.0-0.src.r pm


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/traceroute-6.0-0.src.rp m

NANOG Traceroute 6.0

• SuSE nkitb-2002.11.6-0.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/nkitb-2002.11.6-0.alpha. rpm


• SuSE nkitb-2002.11.6-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2002.11.6-0.i386. rpm


• SuSE nkitb-2002.11.6-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2002.11.6-0.ppc.rp m


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/nkitb-2002.11.6-0.src.r pm


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2002.11.6-0.src. rpm


• SuSE nkitb-2002.11.6-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2002.11.6-0.src.r pm


• SuSE traceroute-6.0-0.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/traceroute-6.0-0.alpha.r pm


• SuSE traceroute-6.0-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/traceroute-6.0-0.i386.r pm


• SuSE traceroute-6.0-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/traceroute-6.0-0.ppc.rpm


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/traceroute-6.0-0.src.rp m


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/traceroute-6.0-0.src.r pm


• SuSE traceroute-6.0-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/traceroute-6.0-0.src.rp m

Ehud Gavron TrACESroute 6.1.1

• Debian traceroute-nanog_6.1.1-1.2_alpha.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_alpha.deb


• Debian traceroute-nanog_6.1.1-1.2_arm.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_arm.deb


• Debian traceroute-nanog_6.1.1-1.2_hppa.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_hppa.deb


• Debian traceroute-nanog_6.1.1-1.2_i386.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_i386.deb


• Debian traceroute-nanog_6.1.1-1.2_ia64.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_ia64.deb


• Debian traceroute-nanog_6.1.1-1.2_m68k.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_m68k.deb


• Debian traceroute-nanog_6.1.1-1.2_mips.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_mips.deb


• Debian traceroute-nanog_6.1.1-1.2_mipsel.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_mipsel.deb


• Debian traceroute-nanog_6.1.1-1.2_powerpc.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_powerpc.deb


• Debian traceroute-nanog_6.1.1-1.2_s390.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_s390.deb


• Debian traceroute-nanog_6.1.1-1.2_sparc.deb
  http://security.debian.org/pool/updates/main/t/traceroute-nanog/tracer oute-nanog_6.1.1-1.2_sparc.deb


• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/traceroute-6.1.1-0.ppc.r pm


• SuSE traceroute-6.1.1-0.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/traceroute-6.1.1-0.spa rc.rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/traceroute-6.1.1-0.src. rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/traceroute-6.1.1-0.sr c.rpm

NANOG Traceroute 6.1.1

• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/traceroute-6.1.1-0.i386 .rpm


• SuSE traceroute-6.1.1-0.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/traceroute-6.1.1-0.ppc.r pm


• SuSE traceroute-6.1.1-0.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/traceroute-6.1.1-0.spa rc.rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/traceroute-6.1.1-0.src .rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/traceroute-6.1.1-0.src. rpm


• SuSE traceroute-6.1.1-0.src.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/traceroute-6.1.1-0.sr c.rpm