多个供应商mtr漏洞

漏洞信息详情

多个供应商mtr漏洞

• CNNVD编号：CNNVD-200003-009
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0172
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2000-03-03
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  matt_kimball_and_roger_wolff
• 漏洞来源：
  This vulnerability…

mtr程序在尝试放弃特权时只使用一个seteuid调用。本地用户利用此漏洞可以提升根特权。

Users of mtr should upgrade to version mtr-0.42 or later. An interim solution may be to remove the setuid bit. This will prevent non-root users from being able to gain any root privileges, although it will affect their use of mtr.
TurboLinux has issued a new package to fix this problem in versions 6.0.2 and prior.

来源: BID
名称: 1038
链接:http://www.securityfocus.com/bid/1038