Author: JT Smith
The advisory is at LWN.net: “The security problem in the traceroute program as shipped with SuSE
Linux distributions is completely different from the one reported on
security mailing lists a few days ago (`traceroute -g 1 -g 1′) by
Pekka Savola. SuSE distributions do not contain
this particular traceroute implementation.
The problem in our traceroute was discovered independently and reported
to us by H D Moore. The problem in the
implementation of traceroute that we ship is a format string parsing
bug in a routine that can be used to terminate a line in traceroute’s
output to easily embed the program in cgi scripts as used for web
frontends for traceroute.” Here’s an update.
Linux distributions is completely different from the one reported on
security mailing lists a few days ago (`traceroute -g 1 -g 1′) by
Pekka Savola
this particular traceroute implementation.
The problem in our traceroute was discovered independently and reported
to us by H D Moore
implementation of traceroute that we ship is a format string parsing
bug in a routine that can be used to terminate a line in traceroute’s
output to easily embed the program in cgi scripts as used for web
frontends for traceroute.” Here’s an update.
Category:
- Linux
