Summary
This host has Tcptrack installed and is prone to a heap-based buffer overflow vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code via a long command line argument in the LWRES dissector when processing malformed data or packets.
Impact Level: System/Application
Solution
Upgrade to Tcptrack 1.4.2 or later.
For updates, refer to http://www.rhythm.cx/~steve/devel/tcptrack/#gettingit
Insight
The flaw is caused by an error in command-line parsing: long command-line arguments are not handled properly.
Affected
Tcptrack versions prior to 1.4.2
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2011-2903
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P