Debian alert: New NANOG traceroute packages fix buffer overflow

Posted by dave on Feb 27, 2003 5:45 AM EDT
Mailing list
Mail this story
Print this story

A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 254-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 27th, 2003                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : traceroute-nanog
Vulnerability  : buffer overflow
Problem-Type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1051 CAN-2002-1364 CAN-2002-1386 CAN-2002-1387
BugTraq Id     : 4956 6166 6274 6275

A vulnerability has been discovered in NANOG traceroute, an enhanced
version of the Van Jacobson/BSD traceroute program.  A buffer overflow
occurs in the 'get_origin()' function.  Due to insufficient bounds
checking performed by the whois parser, it may be possible to corrupt
memory on the system stack.  This vulnerability can be exploited by a
remote attacker to gain root privileges on a target host.  Though,
most probably not in Debian.

The Common Vulnerabilities and Exposures (CVE) project additionally
identified the following vulnerabilities which were already fixed in
the Debian version in stable (woody) and oldstable (potato) and are
mentioned here for completeness (and since other distributions had to
release a separate advisory for them):

 * CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in
   the get_origin function which allows attackers to execute arbitrary
   code via long WHOIS responses.

 * CAN-2002-1051 (BugTraq ID 4956) talks about a format string
   vulnerability that allows local users to execute arbitrary code via
   the -T (terminator) command line argument.

 * CAN-2002-1386 talks about a buffer overflow that may allow local
   users to execute arbitrary code via a long hostname argument.

 * CAN-2002-1387 talks about the spray mode that may allow local users
   to overwrite arbitrary memory locations.

Fortunately, the Debian package drops privileges quite early after
startup, so those problems aer not likely to result in an exploit on a
Debian machine.

For the current stable distribution (woody) the above problem has been
fixed in version 6.1.1-1.2.

For the old stable distribution (potato) the above problem has been
fixed in version 6.0-2.2.

For the unstable distribution (sid) these problems have been fixed in
version 6.3.0-1.

We recommend that you upgrade your traceroute-nanog package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.dsc
      Size/MD5 checksum:      578 c0a65b3b527a4939ceb53195eb67078f
    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.diff.gz
      Size/MD5 checksum:     6651 74ae0eb419bd8bcbcf3f0f591b1015aa
    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0.orig.tar.gz
      Size/MD5 checksum:    27020 39246e5b1d44d6276489d4801c4a7bfb

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_alpha.deb
      Size/MD5 checksum:    23168 67c44d189c1c2c8384e49fda6dc25df1

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_arm.deb
      Size/MD5 checksum:    19872 4f9a429c9eb0623e02ebcf226dcfb20a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
      Size/MD5 checksum:    18588 78445b5c9cbef332d14f22e40dce094b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_m68k.deb
      Size/MD5 checksum:    17742 a797b9831aee1f5bdca3fa879a39fc34

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_powerpc.deb
      Size/MD5 checksum:    19550 66ccd20f5d062885425531ee141d0cf1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_sparc.deb
      Size/MD5 checksum:    22154 623a8662411fd9a00fea53688237c60d


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.dsc
      Size/MD5 checksum:      589 d7eb4bd225e4f2fc16c021776da0c081
    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.diff.gz
      Size/MD5 checksum:     6769 fbe2f9d877d77681846838bf7dea67f2
    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
      Size/MD5 checksum:    27560 493e77d8cf0e86744668e3efd4622378

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_alpha.deb
      Size/MD5 checksum:    23882 82ddf32182750bc2fa044a6cf9a85733

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_arm.deb
      Size/MD5 checksum:    20374 e23517c29047740b8d8b0ae7820e10f8

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_i386.deb
      Size/MD5 checksum:    19068 2be7ec42cc04ffff294a53b3156126d2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_ia64.deb
      Size/MD5 checksum:    26644 6c77e2d0deca24c66840705f790bdb80

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_hppa.deb
      Size/MD5 checksum:    21754 562203dd8680bc949e13af13665a5bf7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_m68k.deb
      Size/MD5 checksum:    18360 511b65c864403cdd3837a5f864349244

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mips.deb
      Size/MD5 checksum:    21370 67ea3bb02eae05d9036cacd9b2077a04

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mipsel.deb
      Size/MD5 checksum:    21414 4d3606016b222a566fc9b9221b1cf7e5

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_powerpc.deb
      Size/MD5 checksum:    20320 378a7f4eaf2b14f30d8d1e97d5562bdc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_s390.deb
      Size/MD5 checksum:    20286 3433605f96800f3028330cac370018e8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_sparc.deb
      Size/MD5 checksum:    23038 2785266b4cd3c7c14ebd50be2095dcf4


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+XiSmW5ql+IAeqTIRAuBVAJ4wD49UQDjRvcjuOnzT55L+BnaNXwCfUPJy
YCOgofHyztNcLhtupoodmeM=
=Pj9M
-----END PGP SIGNATURE-----


  Nav
» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.