Summary
The remote host is missing an update to mtr announced via advisory DSA 124-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20124-1
Insight
The authors of mtr released a new upstream version, noting a non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek, however, found an easy way to exploit this bug. Exploitation gives an attacker access to the raw socket, which makes IP spoofing and other malicious network activity possible.
The Debian maintainer has fixed the problem in version 0.41-6 for the stable distribution of Debian, by backporting the upstream fix, and in version 0.48-1 for the testing/unstable distribution.
We recommend that you upgrade your mtr package immediately.
Severity
Classification
CVE: CVE-2002-0497
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N