[14194] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Potential security problem with mtr - fixed

daemon@ATHENA.MIT.EDU (Jeff Dafoe)
Tue Mar 7 10:04:03 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NDBBIOPEKLHMHCDKLPLPAEGPCIAA.jeffd@evcom.net>
Date:         Mon, 6 Mar 2000 10:24:56 -0500
Reply-To: Jeff Dafoe <jeffd@EVCOM.NET>
From: Jeff Dafoe <jeffd@EVCOM.NET>
X-To:         Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>,
              BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.GSO.4.10.10002142004440.13991-100000@demen.dtek.chalmers.se>

> The mtr developers have been contacted on the address supplied with
> the code, but no reply has been received.
>
> The remedy to this problem is very simple: the call to seteuid()
> should be replaced with a call to setuid(). Apply the following
> diff to mtr.c
> in the mtr distribution.


From /usr/doc/mtr/changelog.Debian.gz:

mtr (0.28-1) stable; urgency=high

  * Security fix for theoretical stack-smash-and-fork attack -
    s/seteuid/setuid/ in mtr.c


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14194] in bugtraq

Re: Potential security problem with mtr - fixed

daemon@ATHENA.MIT.EDU (Jeff Dafoe)Tue Mar 7 10:04:03 2000

daemon@ATHENA.MIT.EDU (Jeff Dafoe)
Tue Mar 7 10:04:03 2000