CVE-2008-2357
Published: 2008-05-21
CVE-2008-2357: Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers…
Priority: P340 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 4.71% (90.7th percentile)
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mtr | < mtr 0.73-1 (bookworm) | mtr 0.73-1 (bookworm) |
| matt_kimball_and_roger_wolff | mtr | <= 0.72 | — |
| matt_kimball_and_roger_wolff | mtr | — | — |
CVSS provenance
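| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |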
GHSA
GHSA-7mph-p784-2x2p: Stack-based buffer overflow in the split_redraw function in split
ghsa_unreviewed·2022-05-03
CVE-2008-2357 [MEDIUM] CWE-119
OSV
CVE-2008-2357: Stack-based buffer overflow in the split_redraw function in split
osv·2008-05-21·CVSS 6.8
CVE-2008-2357 [MEDIUM]
Red Hat
mtr: stack buffer overflow triggerable by long DNS name
vendor_redhat·2008-05-19·CVSS 6.8
CVE-2008-2357 [MEDIUM] CWE-121
Statement: This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.
For Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince a victim to use mtr to trace a path to or via the IP, for which an attacker controls PTR DNS records. Addi
Debian
CVE-2008-2357: mtr - Stack-based buffer overflow in the split_redraw function in split.c in mtr befor...
vendor_debian·2008·CVSS 6.8
CVE-2008-2357 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 0.73-1)
bullseye: resolved (fixed in 0.73-1)
forky: resolved (fixed in 0.73-1)
sid: resolved (fixed in 0.73-1)
trixie: resolved (fixed in 0.73-1)
No detection rules found.
No public exploits indexed.
References
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://seclists.org/fulldisclosure/2008/May/0488.html
http://secunia.com/advisories/30312
http://secunia.com/advisories/30340
http://secunia.com/advisories/30359
http://secunia.com/advisories/30522
http://secunia.com/advisories/30967
http://security.gentoo.org/glsa/glsa-200806-01.xml
http://securityreason.com/securityalert/3903
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
http://www.debian.org/security/2008/dsa-1587
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
http://www.openwall.com/lists/oss-security/2008/05/21/1
http://www.openwall.com/lists/oss-security/2008/05/21/3
http://www.openwall.com/lists/oss-security/2008/05/21/4
http://www.securityfocus.com/archive/1/492260/100/0/threaded
http://www.securityfocus.com/bid/29290
http://www.securitytracker.com/id?1020046
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
https://issues.rpath.com/browse/RPL-2558