Red Hat Bugzilla – Bug 129386
[PATCH] CVE-2002-0497 at mtr possible, but not per default
Last modified: 2015-03-04 20:14:10 EST
Description of problem:
mtr is vulnerable to CVE-2002-0497, but not by default, only
if mtr has 4755/setuid permissions, which is not the Fedora Core
default (that's 0755). But we should also apply that patch, because
maybe admins/users change the permissions of mtr to setuid, and then
mtr is vulnerable to CVE-2002-0497.
CVE-2002-0497: Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
Version-Release number of selected component (if applicable):
I updated an initial patch by SuSE, which is also currently used there
and at PLD.
Use of the patch ;-)
Created attachment 102498
Well, most users will chmod u+s because, as with ping and traceroute,
normal users want to use it. :-)
Please apply the patch and make mtr setuid like ping and traceroute...
Agree with you Daniel, chmod u+s for mtr would be fine, I dunno why it
It is a general rule that we only set suid for a very limited set of
binaries and only if absolutely required and necessary.
And as this example clearly shows, suid is dangerous. ;-)
I'll still apply this patch at least for our development version for
FC3, but suid change won't be done, sorry.
Read ya, Phil