[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
From: Przemyslaw Frasunek <venglin@xxxxxxxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 17:44:18 +0200

Przemyslaw Frasunek napisał(a):
> Another vulnerability is heap corruption after malformed -s argument:

I've forgotten to provide an example:

atari:root:/home/venglin# traceroute -s 1.1.1.1. 127.0.0.1
traceroute: 4.0.0.0 is an invalid IPv4 source address
Segmentation fault (core dumped)

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@xxxxxxxxxxxxxxx ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
  - From: Przemyslaw Frasunek

Prev by Date: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
Next by Date: Re: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
Previous by thread: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
Next by thread: Re: [Full-disclosure] Solaris 10 /usr/sbin/traceroute vulnerabilities
Index(es):
- Date
- Thread