Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tracesroute | Ehud_gavron | 6.0 (including) | 6.0 (including) |
| Tracesroute | Ehud_gavron | 6.1 (including) | 6.1 (including) |
| Tracesroute | Ehud_gavron | 6.1.1 (including) | 6.1.1 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
- http://marc.info/?l=bugtraq\u0026m=102737546927749\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=102753136231920\u0026w=2
- http://www.iss.net/security_center/static/9291.php
- http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html
- http://www.securityfocus.com/bid/4956
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
- http://marc.info/?l=bugtraq\u0026m=102737546927749\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=102753136231920\u0026w=2
- http://www.iss.net/security_center/static/9291.php
- http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html
- http://www.securityfocus.com/bid/4956