ID
VAR-E-200311-0086
TITLE
Traceroute Detection Security Tool Remote Format String Vulnerability
Trust: 0.3
DESCRIPTION
A remote format string vulnerability has been discovered in the detecttr.c traceroute detection tool, initially released in Phrack magazine.
The problem occurs due to erroneous usage of the syslog() function, potentially making it prone to format string attacks via malformed hostnames.
Successful exploitation of this issue could allow an attacker to execute arbitrary code on a vulnerable system with the privileges of the user invoking detecttr.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | baldor | model: | detecttr.c | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
The researchers who discovered this issue have stated that proof of concept code has been made available, however it has not been made publicly available.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
This issue was discovered by SnoSoft.
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 9119 | Trust: 0.3 |
REFERENCES
url: | http://www.phrack.org/show.php?p=51&a=3 | Trust: 0.3 |
SOURCES
db: | BID | id: | 9119 |
LAST UPDATE DATE
2022-07-27T10:04:38.020000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 9119 | date: | 2003-11-27T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 9119 | date: | 2003-11-27T00:00:00 |