CVE Vulnerabilities

CVE-2004-1224

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the s keybinding, which leaves a buffer without a NULL terminator.

Affected Software

Name Vendor Start Version End Version
Mtr Mtr 0.55 0.55
Mtr Mtr 0.56 0.56
Mtr Mtr 0.57 0.57
Mtr Mtr 0.58 0.58
Mtr Mtr 0.59 0.59
Mtr Mtr 0.60 0.60
Mtr Mtr 0.61 0.61
Mtr Mtr 0.62 0.62
Mtr Mtr 0.63 0.63
Mtr Mtr 0.64 0.64
Mtr Mtr 0.65 0.65

References