Matt Kimball And Roger Wolff » MTR : Security Vulnerabilities, CVEs,
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
Max CVSS
6.8
EPSS Score
12.79%
Published
2008-05-21
Updated
2018-10-11
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-03-03
Updated
2008-09-10
2 vulnerabilities found