by Mtr
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2000-0172 | 0.03 | — | 0.00 | Mar 3, 2000 | The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. | ||
| CVE-2008-2357 | 0.01 | — | 0.08 | May 21, 2008 | Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. | ||
| CVE-2004-1224 | 0.00 | — | 0.00 | Jan 10, 2005 | Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. | ||
| CVE-2002-0497 | 0.00 | — | 0.00 | Aug 12, 2002 | Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. |