{"id": "CVE-2008-2357", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-05-21T13:24:00.000", "references": [{"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2008/May/0488.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30312", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30340", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30359", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30522", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30967", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3903", "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1587", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:176", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1", "source": "cve@mitre.org"}, {"url": 
"http://www.openwall.com/lists/oss-security/2008/05/21/3", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29290", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020046", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-2558", "source": "cve@mitre.org"}, {"url": "ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2008/May/0488.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30312", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30340", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30359", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30522", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30967", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-200806-01.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3903", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2008/dsa-1587", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:176", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2008/05/21/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/492260/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/29290", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1020046", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42535", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-2558", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. 
NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr."}, {"lang": "es", "value": "Desbordamiento de B\u00fafer basado en pila de la funci\u00f3n split_redraw en split.c de mtr versiones anteriores a la 0.73, cuando se realiza una llamada a la funci\u00f3n con la opci\u00f3n -p (tambi\u00e9n conocida como --split), permite a atacantes remotos ejecutar c\u00f3digo arbitrariamente a trav\u00e9s de registros DNS PTR manipulados. NOTA: es discutible que esta es una vulnerabilidad de la funci\u00f3n ns_name_ntop en resolv/ns_name.c de glibc cuyo parche correspondiente estar\u00eda en glibc; si as\u00ed fuera, entonces esto no deber\u00eda tratarse como una vulnerabilidad de mtr."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F4DF3D-5E0D-4D68-B462-30308E5E13A1", "versionEndIncluding": "0.72"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7853B18-8111-4D6E-9A80-AB7AAB1D66AC"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E9ED651-D6AC-4948-9F02-D5E20F00F0B6"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D1F6687-B716-4858-BE73-026BE69A0BFA"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FA88B7-0254-463D-8F53-06E3D0F94019"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B06FCDB-68D7-4A90-9B9D-E68C1988AE65"}, {"criteria": 
"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71958EE1-4E50-4D48-A44A-9BBDBC51BCFA"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EA1E63-4547-4341-8823-2150F1BDA9C2"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374B0A57-7231-403F-B339-1F0E8051E62E"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42F67AEF-6500-4C93-94AA-996AAB9D7A85"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8024A2B3-3F77-4090-91F7-F3D1F36C07B4"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0171C37E-345A-4934-92FB-7527AAF0F737"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2645AD6F-4219-42A1-AF41-D3DF3E00EC3D"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECBB8635-988E-4C10-B48D-F01DD480D2EA"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C505F066-86C8-433D-BCEE-FBCC420F6B45"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E9959F-11DD-4AA2-960A-505486E313A1"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "102D8451-F90A-4DCF-BD67-D80EECBF6204"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04EE1273-A619-4101-8998-5B93B89D0E04"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"0AF1F3A1-6078-413A-BCE1-6586AE39D0BE"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE66E77-0054-44C5-93F8-F156C02F32C6"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15895BE3-0E68-4BDD-9F91-E5CD0F889AAF"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED7EB1A-43A1-40C8-BA1C-AE826986E89A"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC8D031C-EF4D-4909-AFB2-B388B463234D"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3CCD558-3EB8-4541-8854-CFFE1BCE4A61"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "246C99CD-B83C-4918-8283-840CE0930ED6"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F65329B-2CA9-483E-BD78-EF0EFEF6FBE0"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "167DDB18-E0FF-4FE0-9070-CBEEF4D00AF6"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6585D8B7-3BD9-4577-878D-5140C6EAD16D"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F2B7CF7-11D0-42EC-908E-3AD686F918BF"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6AFE6B-BAE2-43A0-A969-08A0D19CA3C3"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E93793-1883-4562-90AC-F054FC71F7E0"}, {"criteria": 
"cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1624E70-8A0F-423A-8205-7C27260C9278"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E7AEC9D-210E-45D5-92E9-76502A4088F0"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "378C925D-E6B2-4569-825F-1F02A1C53E17"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBDD8C1-A741-479F-A521-B5E990C83C93"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36351D6-635F-470C-B32A-AC0D81E4F6A5"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11C682D2-8708-449C-A195-72D609B55462"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EA9A3EE-3CC8-4154-AC61-DC92B2213C6C"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44DFA818-A31A-4D1F-8583-3BF9A8DBDE5D"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99B8176-7A2D-4DF6-B9EF-9F6A681BCE66"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1F33CC-1F45-439A-B082-639A1E4F8EC9"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E62548-9BC1-48B4-A6DC-CAF5E5802298"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D7D899-02F5-4D56-875D-56252BA6228B"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"F5322BE5-43B4-48DA-826A-C82F78F4DE07"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34BAFF2F-A106-47A6-8C9D-A5E0AB0F9320"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AA9702E-52A5-4AC3-B30B-CACEED6456F6"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFADC518-86EB-45EB-A65A-5065CF2984BE"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD3AA825-EC60-4B24-92B8-E5CB47460E94"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9FE1CCC-214B-421D-8A10-039BDDFB36CF"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D480960D-56DF-4CD9-B088-54F5AD2EC3BA"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.70:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5570E29-C4CE-4161-A91B-98D3CE63BA40"}, {"criteria": "cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CBB23A6-F7D8-482E-9411-BF152F68CBFF"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.\n\nFor Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in \"split mode\" by providing -p or --split\ncommand line options. 
The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-06-25T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}