October 17, 2000

Security update to traceroute

Author: JT Smith

The advisory is at LWN.net: "The security problem in the traceroute program as shipped with SuSE
Linux distributions is completely different from the one reported on
security mailing lists a few days ago (`traceroute -g 1 -g 1') by
Pekka Savola . SuSE distributions do not contain
this particular traceroute implementation.
The problem in our traceroute was discovered independently and reported
to us by H D Moore . The problem in the
implementation of traceroute that we ship is a format string parsing
bug in a routine that can be used to terminate a line in traceroute's
output to easily embed the program in cgi scripts as used for web
frontends for traceroute." Here's an update.


  • Linux
Click Here!