Bugtraq mailing list archives
Re: Potential security problem with mtr - fixed
From: jeffd () EVCOM NET (Jeff Dafoe)
Date: Mon, 6 Mar 2000 10:24:56 -0500
The mtr developers have been contacted on the address supplied with the code, but no reply has been received. The remedy to this problem is very simple: the call to seteuid() should be replaced with a call to setuid(). Apply the following diff to mtr.c in the mtr distribution.
From /usr/doc/mtr/changelog.Debian.gz:
mtr (0.28-1) stable; urgency=high * Security fix for theoretical stack-smash-and-fork attack - s/seteuid/setuid/ in mtr.c
Current thread:
- Re: Potential security problem with mtr, (continued)
- Re: Potential security problem with mtr LaMont Jones (Mar 03)
- Re: Potential security problem with mtr Viktor Fougstedt (Mar 03)
- [RHSA-2000:006-01] New nmh packages available bugzilla () REDHAT COM (Mar 06)
- Microsoft Security Bulletin (MS00-015) Microsoft Product Security (Mar 06)
- @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Weld Pond (Mar 07)
- Re: @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Dustin Miller (Mar 07)
- Re: @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Weld Pond (Mar 08)
- Problem with MacOS 9 Multiple Users and Netware AFP Don Lambert (Mar 03)
- Re: Potential security problem with mtr Rogier Wolff (Mar 03)
- Re: Potential security problem with mtr Viktor Fougstedt (Mar 04)
- Re: Potential security problem with mtr - fixed Jeff Dafoe (Mar 06)
- userv (security boundary tool) 1.0.0 released Ian Jackson (Mar 06)