Family: Debian Local Security Checks --> Category: infos
[DSA124] DSA-124-1 mtr Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The authors of mtr released a new upstream version, noting a
non-exploitable buffer overflow in their ChangeLog. Przemyslaw
Frasunek, however, found an easy way to exploit this bug, which allows
a possible hacker to gain access to the raw socket, which makes IP spoofing
and other malicious network activity possible.
The problem has been fixed by the Debian maintainer in version 0.41-6
for the stable distribution of Debian by backporting the upstream fix
and in version 0.48-1 for the testing/unstable distribution.
We recommend that you upgrade your mtr package immediately.
Solution : http://www.debian.org/security/2002/dsa-124
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.