Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2008-2357

Disclosure Date: May 21, 2008
CVE-2008-2357
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka —split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • matt kimball and roger wolff

Products

  • mtr,
  • mtr 0.21,
  • mtr 0.22,
  • mtr 0.23,
  • mtr 0.24,
  • mtr 0.25,
  • mtr 0.26,
  • mtr 0.27,
  • mtr 0.28,
  • mtr 0.29,
  • mtr 0.30,
  • mtr 0.31,
  • mtr 0.32,
  • mtr 0.33,
  • mtr 0.34,
  • mtr 0.35,
  • mtr 0.36,
  • mtr 0.37,
  • mtr 0.38,
  • mtr 0.39,
  • mtr 0.40,
  • mtr 0.41,
  • mtr 0.42,
  • mtr 0.43,
  • mtr 0.44,
  • mtr 0.45,
  • mtr 0.46,
  • mtr 0.47,
  • mtr 0.48,
  • mtr 0.49,
  • mtr 0.50,
  • mtr 0.51,
  • mtr 0.52,
  • mtr 0.53,
  • mtr 0.54,
  • mtr 0.55,
  • mtr 0.56,
  • mtr 0.57,
  • mtr 0.58,
  • mtr 0.59,
  • mtr 0.60,
  • mtr 0.61,
  • mtr 0.62,
  • mtr 0.63,
  • mtr 0.64,
  • mtr 0.65,
  • mtr 0.66,
  • mtr 0.67,
  • mtr 0.68,
  • mtr 0.69,
  • mtr 0.70,
  • mtr 0.71

References

Canonical
CVE-2008-2357 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357)
BID-29290 (http://www.securityfocus.com/bid/29290)
Advisory
SECUNIA-30340 (http://secunia.com/advisories/30340)
SECUNIA-30522 (http://secunia.com/advisories/30522)
20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv. (http://www.securityfocus.com/archive/1/492260/100/0/threaded)
SECUNIA-30312 (http://secunia.com/advisories/30312)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
GLSA-200806-01 (http://security.gentoo.org/glsa/glsa-200806-01.xml)
[oss-security] 20080521 Re: CVE request: mtr (http://www.openwall.com/lists/oss-security/2008/05/21/3)
SECUNIA-30967 (http://secunia.com/advisories/30967)
SECUNIA-30359 (http://secunia.com/advisories/30359)
XF-mtr-splitredraw-bo(42535) (https://exchange.xforce.ibmcloud.com/vulnerabilities/42535)
[oss-security] 20080521 Re: CVE request: mtr (http://www.openwall.com/lists/oss-security/2008/05/21/4)
SREASON-3903 (http://securityreason.com/securityalert/3903)
DSA-1587 (http://www.debian.org/security/2008/dsa-1587)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
20080519 Mtr - remote and local stack overflow - uncomment situation in libresolv. (http://seclists.org/fulldisclosure/2008/May/0488.html)
[oss-security] 20080521 Re: CVE request: mtr (http://www.openwall.com/lists/oss-security/2008/05/21/1)
SECTRACK-1020046 (http://www.securitytracker.com/id?1020046)
https://issues.rpath.com/browse/RPL-2558

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis