Multiple Vendor mtr Vulnerability

BID:1038

Info

Multiple Vendor mtr Vulnerability

Bugtraq ID: 1038
Class: Boundary Condition Error
CVE:
Remote: No
Local: Yes
Published: Mar 03 2000 12:00AM
Updated: Mar 03 2000 12:00AM
Credit: This vulnerability was posted to the Bugtraq mailing list on March 3, 2000 by Viktor Fougstedt <[email protected]>
Vulnerable: Turbolinux Turbolinux 6.0.2
Turbolinux Turbolinux 4.4
Turbolinux Turbolinux 4.2
Turbolinux Turbolinux 3.5 b2
Matt Kimball and Roger Wolff mtr 0.41
Matt Kimball and Roger Wolff mtr 0.28
Not Vulnerable: Matt Kimball and Roger Wolff mtr 0.42

Discussion

Multiple Vendor mtr Vulnerability

A potential vulnerability exists in the 'mtr' program, by Matt Kimball and Roger Wolff. Versions prior to 0.42 incorrectly dropped privileges on all Unix variants except HPUX. By calling a seteuid(getuid()) call, the authors hoped to drop permissions to prevent the obtaining of root privilege should there be potential vulnerabilities in mtr or a library it depends on. However, due to saved uid semantics, the uid of 0 can be recovered simply by doing a setuid(0). An attacker would only need to find an overflow in one of the libraries mtr uses, such as gtk or curses. In patched versions, the seteuid() call has been changed to setuid(). This will eliminate this potential problem.

It has been suggested that most Linux distributions which include mtr utilize version 0.28. This version is vulnerable. Please consult your distribution website for more information.

Exploit / POC

Multiple Vendor mtr Vulnerability

Exploit available:

Solution / Fix

Multiple Vendor mtr Vulnerability

Solution:
Users of mtr should upgrade to version mtr-0.42 or later. An interim solution may be to remove the setuid bit. This will prevent non-root users from being able to gain any root privileges, although it will affect their use of mtr.

TurboLinux has issued a new package to fix this problem in versions 6.0.2 and prior.

References

Multiple Vendor mtr Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report