Bugtraq mailing list archives
Re: Nanog traceroute format string exploit.
From: Olaf Kirch <okir () suse de>
Date: Wed, 24 Jul 2002 14:43:11 +0200
On Sun, Jul 21, 2002 at 02:09:24PM +0200, SpaceWalker wrote:
-This exploit will never be used to haxor something because I never saw this traceroute used by default
Well, SuSE has been using Nanog traceroute for ages; at least since 7.0 but probably longer.

OTOH, the bug isn't very new either. The nktib package in SuSE Linux 7.0 has a patch for this vulnerability dated 2000/10/03 14:12:43.

Finally, let me remark that your exploit has a minor bug in detecting vulnerable versions. Using the attached patch it will properly recognize patched versions of traceroute :)

Cheers
Olaf
--
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir () suse de  |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann
Attachment: exp.fix