Bug 129386 - [PATCH] CVE-2002-0497 at mtr possible, but not per default
Product: Fedora
Classification: Fedora
Component: mtr
All Linux
medium Severity medium
Assigned To: Phil Knirsch
: Patch
Blocks: 134540
Reported: 2004-08-07 10:55 EDT by Robert Scheck
Modified: 2015-03-04 20:14 EST

Doc Type: Bug Fix
Last Closed: 2004-10-06 10:45:43 EDT

Attachments
mtr-0.54-CVE-2002-0497.patch (12.51 KB, patch)
2004-08-07 10:56 EDT, Robert Scheck
Description Robert Scheck 2004-08-07 10:55:31 EDT
Description of problem:
mtr is vulnerable to CVE-2002-0497, but not by default, only 
if mtr has 4755/setuid permissions, which is not the Fedora Core 
default (that's 0755). But we should also apply that patch, because 
maybe admins/users change the permissions of mtr to setuid and then 
mtr is vulnerable to CVE-2002-0497.

CVE-2002-0497: Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

Version-Release number of selected component (if applicable):

Actual results:
I updated an initial patch by SuSE, which is also currently used there
and at PLD.

Expected results:
Use of the patch ;-)
Comment 1 Robert Scheck 2004-08-07 10:56:10 EDT
Created attachment 102498
Comment 2 Daniel Roesen 2004-10-04 09:15:10 EDT
Well, most users will chmod u+s, like with ping and traceroute;
normal users want to use it. :-)

Please apply the patch and make mtr setuid like ping and traceroute...
Comment 3 Robert Scheck 2004-10-05 03:24:56 EDT
Agree with you Daniel, chmod u+s for mtr would be fine, I dunno why it 
was removed....
Comment 4 Phil Knirsch 2004-10-06 10:45:43 EDT
It is a general rule that we only set suid for a very limited set of
binaries and only if absolutely required and necessary.

And as this example clearly shows, suid is dangerous. ;-)

I'll still apply this patch at least for our development version for
FC3, but suid change won't be done, sorry.

Read ya, Phil
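
An added example, not the attached patch and not mtr's own code: one way a setuid program can take options from an environment variable such as MTR_OPTIONS without a fixed-size buffer being overrun. The helper name `split_env_options` and both size caps are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPT_BUF_LEN  512  /* assumed cap on the variable's length */
#define OPT_MAX_ARGS 32   /* assumed cap on tokens, including the NULL slot */

/* Hypothetical helper: split a whitespace-separated option string into
 * argv-style tokens. Returns the token count, or -1 when the input does
 * not fit: oversized input is rejected, never truncated or overrun. */
int split_env_options(const char *value, char *buf, size_t buflen,
                      char *argv[], size_t max_args)
{
    size_t len, argc = 0;
    char *p = buf;
    if (buf == NULL || argv == NULL || buflen == 0 || max_args == 0)
        return -1;
    argv[0] = NULL;
    if (value == NULL)
        return 0;                        /* variable not set */
    len = strlen(value);
    if (len >= buflen)
        return -1;                       /* no room for value plus NUL */
    memcpy(buf, value, len + 1);         /* private, bounded copy */
    while (*p != '\0') {
        while (*p == ' ' || *p == '\t')
            p++;                         /* skip separators */
        if (*p == '\0')
            break;
        if (argc + 1 >= max_args)
            return -1;                   /* no room for token plus NULL */
        argv[argc++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;                         /* walk to the end of the token */
        if (*p != '\0')
            *p++ = '\0';                 /* terminate the token in place */
    }
    argv[argc] = NULL;
    return (int)argc;
}

int main(void)
{
    char buf[OPT_BUF_LEN], *argv[OPT_MAX_ARGS];
    int n = split_env_options(getenv("MTR_OPTIONS"), buf, sizeof buf,
                              argv, OPT_MAX_ARGS);
    printf("MTR_OPTIONS: %s (%d)\n", n < 0 ? "rejected" : "accepted", n);
    return n < 0;
}
```

On a -1 return the caller must ignore `argv` and stop, since the array is only NULL-terminated on success.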
