Re: Potential security problem with mtr - fixed

From: Jeff Dafoe (jeffdat_private)
Date: Mon Mar 06 2000 - 07:24:56 PST

Next message: Peter Heath: "NT Roaming Profiles blocked by NAV 7.x for Corp. Edition"

Previous message: Kuji: "Pocsag remote access to client can't be disabled."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The mtr developers have been contacted on the address supplied with
> the code, but no reply has been received.
>
> The remedy to this problem is very simple: the call to seteuid()
> should be replaced with a call to setuid(). Apply the following
> diff to mtr.c
> in the mtr distribution.


>From /usr/doc/mtr/changelog.Debian.gz:

mtr (0.28-1) stable; urgency=high

  * Security fix for theoretical stack-smash-and-fork attack -
    s/seteuid/setuid/ in mtr.c

Next message: Peter Heath: "NT Roaming Profiles blocked by NAV 7.x for Corp. Edition"
Previous message: Kuji: "Pocsag remote access to client can't be disabled."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:55 PDT