Re: traceroute vulnerability?

Subject: Re: traceroute vulnerability?
From: Charles Stevenson (csteven@terraplex.com)
Date: Mon Oct 23 2000 - 17:29:57 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Pete Peters: "RE: Distribution Comparison"
• Previous message: F. C.: "FTP Secret"
• In reply to: Nathaniel Irons: "traceroute vulnerability?"
• Reply: Charles Stevenson: "Re: traceroute vulnerability?"

You can `rpm --rebuild` the Red Hat 7 source rpm if you are concerned. Although
the likelyhood of a person having local access to your machine and enough
power pc assembly and buffer overflow knowledge to exploit it is probably zero
to none. It will be updated with YDL 2.0.

We do keep a good eye on securityfocus.com's bugtraq :)

Regards,
Chales

On this day, Mon, 23 Oct 2000, Nathaniel Irons wrote:
> LWN has been talking about a possible local root exploit for
> traceroute since early October.
>
> <http://lwn.net/2000/1019/security.php3#traceroute>
> <http://listserv.securityportal.com/SCRIPTS/WA-SECURITYPORTAL.EXE?A2=ind0009&L=LINUX-SECURITY&P=R5573>
>
> YDL's traceroute (1.4b5) appears to be vulnerable. Any word on an
> update?
>
> -nat

-- 
  Terra Soft Solutions, Inc.
  http://www.terrasoftsolutions.com
  Yellow Dog Linux
  http://www.yellowdoglinux.com
  Black Lab Linux
  http://www.blacklablinux.com

• Next message: Pete Peters: "RE: Distribution Comparison"
• Previous message: F. C.: "FTP Secret"
• In reply to: Nathaniel Irons: "traceroute vulnerability?"
• Reply: Charles Stevenson: "Re: traceroute vulnerability?"

This archive was generated by hypermail 2a24 : Mon Oct 23 2000 - 17:45:28 MDT