Debian Security Advisory

mtr -- possible local exploit in mtr

Date Reported:

09 Mar 2000

Affected Packages:

mtr

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2000-0172.

More information:

The version of mtr as distributed in Debian GNU/Linux 2.1 (aka slink) did not drop root privileges correctly. While there are no known exploits it is conceivable that a weakness in gtk or ncurses could be used to exploit this. This has been fixed in version 0.28-1, and we recommend that you upgrade your mtr package.

Fixed in:

Source:: http://security.debian.org/dists/slink/updates/source/mtr_0.28-1.diff.gz; http://security.debian.org/dists/slink/updates/source/mtr_0.28-1.dsc; http://security.debian.org/dists/slink/updates/source/mtr_0.28.orig.tar.gz
alpha:: http://security.debian.org/dists/slink/updates/binary-alpha/mtr_0.28-1_alpha.deb
i386:: http://security.debian.org/dists/slink/updates/binary-i386/mtr_0.28-1_i386.deb
m68k:: http://security.debian.org/dists/slink/updates/binary-m68k/mtr_0.28-1_m68k.deb
sparc:: http://security.debian.org/dists/slink/updates/binary-sparc/mtr_0.28-1_sparc.deb