CVE-2008-2357
Publication date 21 May 2008
Last updated 24 July 2024
Ubuntu priority
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Status
Package | Ubuntu Release | Status |
---|---|---|
mtr | 11.04 natty |
Not affected
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
|
7.10 gutsy | Ignored end of life, was needed | |
7.04 feisty | Ignored end of life, was needed | |
6.06 LTS dapper | Ignored end of life |