vendor:
Traceroute-nanog
by:
Carl Livitt
7,2
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Traceroute-nanog
Affected Version From: 6.0
Affected Version To: 6.1.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:traceroute-nanog:traceroute-nanog:6.1.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: SuSE 7.1, 7.2, 7.3 & 8.0
2002
Traceroute-nanog Buffer Overflow Vulnerability
A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. The overflow occurs in the 'get_origin()' function in the 'traceroute.c' file. Due to insufficient bounds checking performed by the whois parser, it may be possible to cause 'get_origin()' to corrupt memory on the system stack. This vulnerability can be exploited by an attacker to gain root privileges on a target host.
Mitigation:
Apply the latest security patches and updates to the Traceroute-nanog application.
