LBNL Traceroute Heap Corruption Vulnerability
BID:1739
Info
| Bugtraq ID: | 1739 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 28 2000 12:00AM |
| Updated: | Sep 28 2000 12:00AM |
| Credit: | Discovered by Pekka Savola <[email protected]>. First posted to Bugtraq by Chris Evans <[email protected]> on September 28, 2000. Followups with exploit code posted to Bugtraq by W.H.J.Pinckaers <[email protected]> and Perry Harrin |
| Vulnerable: |
Sun Solaris 2.5.1 LBL traceroute 1.4 a5 |
| Not Vulnerable: |
LBL traceroute 1.4 a7 |
Discussion
Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On Unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL traceroute are vulnerable to an interesting attack involving the freeing of pointers that point to unallocated memory.
When traceroute is executed with the arguments "-g x -g x", the function "savestr()" is called twice. savestr() does what strdup() does without the extra malloc() call and is used when parsing the hostname or "dotted quad notation" IP address argument to the -g parameter. It uses a block of pre-allocated memory instead of allocating memory itself. After the first instance of "-g" is parsed and savestr() is called, the pointer to the block used by savestr() is unallocated via free(). When the next gateway parameter (-g) is interpreted, savestr() is called again and the user data argument is written to the block of unallocated memory. As in the first instance, free() is then called on the pointer to where the data begins inside the old buffer of unallocated memory. When free() doesn't find a valid malloc header before the pointer it is passed, traceroute crashes.
What makes this possibly exploitable is that the region of memory to which the pointer points is user-controlled and can be written to with (somewhat) arbitrary data before free() is called. An attacker may be able to construct a malicious malloc() header and carefully stuff it into the first savestr() buffer, so that it is there when free() looks for it after the second savestr(). What complicates exploitation of this issue are the functions involved with savestr(), inet_addr() and gethostbyname(), which limit the type of user data that can be put into the buffer (which would need to be binary). If pulled off, however, it may be possible to overwrite arbitrary locations in the heap (such as a function pointer) with arbitrary data.
If successfully exploited, this would yield local root access for the attacker.
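A simplified model of the pooled-string pattern described above, as an added example (not the traceroute source; `strpool`, `pool_savestr`, `pool_classify` and `release_name` are hypothetical names). It shows that only the first string handed out by such a pool coincides with a malloc() block, that the second is an interior pointer with no allocator header in front of it, and how a caller can refuse to pass pool-owned pointers to free().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL_SIZE 1024

/* Simplified model of a savestr()-style string pool (names are hypothetical). */
struct strpool {
    char  *base;  /* pointer malloc() returned: the only one free() may be given */
    char  *next;  /* where the next string will be copied */
    size_t left;  /* bytes still unused in the block */
};

enum ptr_kind { NOT_POOL, POOL_BASE, POOL_INTERIOR };

/* Like strdup(), but carves the copy out of one pre-allocated block. */
char *pool_savestr(struct strpool *p, const char *str)
{
    size_t size = strlen(str) + 1;
    if (size > p->left) {               /* first call, or block exhausted */
        size_t want = size > POOL_SIZE ? size : POOL_SIZE;
        char *blk = malloc(want);       /* an older block is not reclaimed in this model */
        if (blk == NULL)
            return NULL;
        p->base = p->next = blk;
        p->left = want;
    }
    char *copy = p->next;
    memcpy(copy, str, size);
    p->next += size;                    /* the pool keeps this cursor even if a caller */
    p->left -= size;                    /* later frees the block behind its back */
    return copy;
}

/* Tell whether ptr lies in the used part of the pool and, if so, where. */
enum ptr_kind pool_classify(const struct strpool *p, const void *ptr)
{
    uintptr_t a = (uintptr_t)ptr, lo = (uintptr_t)p->base, hi = (uintptr_t)p->next;
    if (p->base == NULL || a < lo || a >= hi)
        return NOT_POOL;
    return a == lo ? POOL_BASE : POOL_INTERIOR;
}

/* Hardened caller: only pointers that own their allocation reach free().
 * Returns 1 if the pointer was freed, 0 if it was refused. */
int release_name(const struct strpool *p, char *ptr)
{
    if (pool_classify(p, ptr) != NOT_POOL)
        return 0;                       /* pool memory belongs to the pool */
    free(ptr);
    return 1;
}

int main(void)
{
    static const char *kind[] = { "not pool", "pool base", "pool interior" };
    struct strpool pool = { NULL, NULL, 0 };
    /* Constructed input: the two gateway names from "-g x -g x". */
    char *g1 = pool_savestr(&pool, "x");
    char *g2 = pool_savestr(&pool, "x");
    if (g1 == NULL || g2 == NULL)
        return 1;
    printf("g1: %s, freed=%d\n", kind[pool_classify(&pool, g1)], release_name(&pool, g1));
    printf("g2: %s, freed=%d\n", kind[pool_classify(&pool, g2)], release_name(&pool, g2));
    free(pool.base);                    /* the pool owner releases the block exactly once */
    return 0;
}
```

Building the unguarded variant with a memory-error detector such as AddressSanitizer (`-fsanitize=address`) reports the invalid free() at the call site instead of leaving the heap silently corrupted.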
Exploit / POC
dvorak <[email protected]> wrote a working exploit and a detailed description of how it works.
Perry Harrington <[email protected]> also sent proof of concept code to Bugtraq on October 5, 2000.
Michel Kaempf <[email protected]> posted an exploit to Bugtraq on November 6, 2000.
Solution / Fix
Solution:
Mandrake:
You can download the updates directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates
Linux-Mandrake 6.0:
1a4fa31d17673a14a19cc314109fea6f 6.0/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 6.0/SRPMS/traceroute-1.4a5-12mdk.src.rpm
Linux-Mandrake 6.1:
ff46d392fa729585f04ac4e00e9c55aa 6.1/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 6.1/SRPMS/traceroute-1.4a5-12mdk.src.rpm
Linux-Mandrake 7.0:
016b778a737cc26eab3b6c59757e135c 7.0/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 7.0/SRPMS/traceroute-1.4a5-12mdk.src.rpm
Linux-Mandrake 7.1:
956f739b513e353683f7a923ea716d06 7.1/RPMS/traceroute-1.4a5-12mdk.i586.rpm
fb516b9873feb5603e50a50575d4044f 7.1/SRPMS/traceroute-1.4a5-12mdk.src.rpm
Conectiva:
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.0es/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/traceroute-1.4a7-2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/traceroute-1.4a7-2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/traceroute-1.4a7-2cl.i386.rpm
Caldera:
OpenLinux Desktop 2.3
Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
Verification
10a0865014f9a7adde15b1273a613672 RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm
OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
Verification
8f65446f8da688c94d7a1090579b987c RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm
OpenLinux eDesktop 2.4
Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
Verification
45cd9ac95771a444ace0e2275789ba11 RPMS/traceroute-1.4a5-9.i386.rpm
9bccc641518d1e2726b61911913006ba SRPMS/traceroute-1.4a5-9.src.rpm
Debian:
Apt: deb http://http.us.debian.org/debian dists/proposed-updates/
Http: http://http.us.debian.org/debian/dists/proposed-updates
fa0c426fa84bf54ec33093bae90c1fdf traceroute_1.4a5-3.diff.gz
4bd7bc9ec1894c75e7ccba51e6a91cc6 traceroute_1.4a5-3.dsc
6b3f20ecb08276c15715ae54ef8be0c7 traceroute_1.4a5-3_alpha.deb
feba02e20848bdfafa6bf7dd9c594eba traceroute_1.4a5-3_i386.deb
fdc5a6ed3cd97067c4b7e1ddf7945287 traceroute_1.4a5-3_m68k.deb
Trustix Secure Linux 1.1 (1.0 users should upgrade to 1.1):
The new packages can be found at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or:
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/
Packages:
* traceroute-1.4a5-18tr.i586.rpm
- Fixes local exploit recently discussed on bugtraq.
Immunix has released security updates for Immunix 6.2:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/traceroute-1.4a5-24.6x_StackGuard.i386.rpm
or
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/traceroute-1.4a5-24.6x_StackGuard.src.rpm
md5sums of the packages:
cb497c4c15ca728056d5e20d4378a3f0 traceroute-1.4a5-24.6x_StackGuard.i386.rpm
28e3976fde67394f7703d329aedfbe4a traceroute-1.4a5-24.6x_StackGuard.src.rpm
Debian:
Debian GNU/Linux 2.2 (stable) alias potato
------------------------------------------
Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r1.
Source archives:
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.diff.gz
MD5 checksum: fa0c426fa84bf54ec33093bae90c1fdf
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5-3.dsc
MD5 checksum: 4bd7bc9ec1894c75e7ccba51e6a91cc6
http://security.debian.org/dists/potato/updates/main/source/traceroute_1.4a5.orig.tar.gz
MD5 checksum: db5724df8d01b6c75aefe704e06e8160
Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/traceroute_1.4a5-3_alpha.deb
MD5 checksum: 6b3f20ecb08276c15715ae54ef8be0c7
ARM architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/traceroute_1.4a5-3_arm.deb
MD5 checksum: 3e92eb865b388769da00a5cb3297a862
Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/traceroute_1.4a5-3_i386.deb
MD5 checksum: feba02e20848bdfafa6bf7dd9c594eba
Motorola 680x0 architecture:
http://security.debian.org/dists/potato/updates/main/binary-m68k/traceroute_1.4a5-3_m68k.deb
MD5 checksum: fdc5a6ed3cd97067c4b7e1ddf7945287
PowerPC architecture:
http://security.debian.org/dists/potato/updates/main/binary-powerpc/traceroute_1.4a5-3_powerpc.deb
MD5 checksum: 3cb1524fccc1eb0e011ec17d2d2a1407
Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/traceroute_1.4a5-3_sparc.deb
MD5 checksum: a9f078c807e52ab1a68bdeba0d364be1
S.u.S.E. Linux:
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/nkitb-2000.10.4-0.i386.rpm
6c8f713a071a96c287942f880cd5919c
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm
c01db9ee70a9ac01cba1bace93cfdd16
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/nkitb-2000.10.4-0.i386.rpm
321b78de11928a3361edf0a044721383
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
61aa9e2e4272606d2bd70828a72c957c
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/nkita-2000.10.4-0.i386.rpm
6c5932e4083de6f499e4c77fcadbffc1
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nkita-2000.10.4-0.src.rpm
9debb8804293384057d69254614a1496
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/nkita-2000.10.4-0.i386.rpm
49269283c6d39a234f61303b2e918413
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/nkita-2000.10.4-0.src.rpm
1cc00eb9b37b37a51fc249db3b51f6e1
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/nkita-2000.10.4-0.i386.rpm
2fe1c6d70fcf1272da95f33ad7ad1010
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/nkita-2000.10.4-0.src.rpm
74d6f2e623b7fcac1b0881b1bfbe0880
SuSE-6.0
Please use the update packages from the 6.1 distribution.
Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/nkitb-2000.10.4-0.sparc.rpm
e9bc3512b6182f540e74308c02d81f65
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nkitb-2000.10.4-0.src.rpm
8fba03e9cef63ae076b10fb61c800e39
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/nkitb-2000.10.4-0.alpha.rpm
7850969c7b3beaf3fd1ce8b2a9246be0
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
6e5a964177b6cf87524119c747f0220b
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/nkita-2000.10.4-0.alpha.rpm
6440a6a7da903829cff57a5f8c7cda91
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nkita-2000.10.4-0.src.rpm
53bf05462378c384e8a46f3c6c368c67
PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/nkitb-2000.10.5-0.ppc.rpm
407d1c6731228f5d3e9addd108d31224
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nkitb-2000.10.5-0.src.rpm
8fba03e9cef63ae076b10fb61c800e39
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/nkitb-2000.10.4-0.ppc.rpm
c432a5b8d37640be6e325ef9603f9cba
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nkitb-2000.10.4-0.src.rpm
edf24c1989c85616d1caf53872e61f17
TurboLinux:
6.0:
ftp://ftp.turbolinux.com/pub/updates/6.0/traceroute-1.4a7-2.i386.rpm
References
References:
- LBNL's Network Research Group (Lawrence Berkeley Laboratory)