[14186] in bugtraq
Re: Potential security problem with mtr
daemon@ATHENA.MIT.EDU (Viktor Fougstedt)
Tue Mar 7 08:32:56 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.10003042103240.6623-100000@palver.dtek.chalmers.se>
Date: Sat, 4 Mar 2000 21:13:03 +0100
Reply-To: Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>
From: Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>
X-To: Rogier Wolff <R.E.Wolff@BitWizard.nl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200003032340.AAA11983@cave.bitwizard.nl>
On Sat, 4 Mar 2000, Rogier Wolff wrote:
> Viktor Fougstedt wrote:
> > mtr-0.28 seems to be a standard package in some Linux distributions,
> > but it is not known whether it is installed setuid-root.
>
> 0.41 is current.
0.41 was the version I tried. I'm sorry I didn't make that
clearer. The mentioning of 0.28 comes from the fact that that is the
version distributed with Debian. 0.41 has the same problem, though.
> > The authors have been contacted, but no reply has been received. The
> > latest version is from Aug 19 1999, and I am uncertain whether mtr is
> > still being actively developed.
>
> I'm the maintainer. I haven't been contacted. Viktor, may I ask you to
> do your homework a bit better next time?
You may certainly. According to the file AUTHORS in the 0.41
distribution, bug reports should be sent to the mtr mailing list. And
the file README in the same tarball gives this address as
mtr@lists.xmission.com. I sent a message to that address on Wed, 2 Feb
2000 20:13:40 +0100. I received no response to that mail. If this was
not the correct address, may I ask that the information in the AUTHORS
and README files be updated to contain correct information?
/Viktor...
--| Viktor Fougstedt, system administrator at dtek.chalmers.se |--
--| http://www.dtek.chalmers.se/~viktor/ |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
