ID

VAR-200212-0651


CVE

CVE-2002-1364


TITLE

Traceroute-nanog Local Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 6166 // CNNVD: CNNVD-200212-046

DESCRIPTION

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.

A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. The overflow occurs in the 'get_origin()' function in the 'traceroute.c' file. Due to insufficient bounds checking performed by the whois parser, it may be possible to cause 'get_origin()' to corrupt memory on the system stack. This vulnerability can be exploited by an attacker to gain root privileges on a target host.

Traceroute-nanog is an open source route-tracing program that can perform DNS resolution on each hop and obtain information such as the administrator's email address. The 'get_origin()' function in Traceroute-nanog's 'traceroute.c' file lacks proper buffer bounds checking. A local attacker can exploit this vulnerability to cause a heap-based buffer overflow, and carefully constructed submitted data can obtain root user privileges.

When the get_origin() function in 'traceroute.c' is called, its stack layout is as follows:

char buf[256] tmp4[100] tmp3[100] tmp2[100] tmp1[100] EBP EIP
[bbbbbbbbbbbbbbbbb44444444433333333332222222222111111111BBBBIIII] -> 0xbfffffff

There is an 8K buffer named 'reply' in the heap, which is used to store the response from the server. Through successive read(2) calls, 256 bytes of data at a time are read into the buf[] array and appended to the 'reply[]' buffer, but bounds checking is insufficient when the buffer is written, and a buffer overflow is triggered when it is parsed by the get_origin() function. Carefully constructed submitted data can execute arbitrary instructions on the system with root privileges.

Trust: 1.26

sources: NVD: CVE-2002-1364 // BID: 6166 // VULHUB: VHN-5749

AFFECTED PRODUCTS

vendor: ehud gavron // model: tracesroute // scope: eq // version: 6.1.1

Trust: 1.6

vendor: ehud gavron // model: tracesroute // scope: eq // version: 6.0

Trust: 1.6

vendor: nanog // model: traceroute // scope: eq // version: 6.1.1

Trust: 0.3

vendor: nanog // model: traceroute // scope: eq // version: 6.0

Trust: 0.3

vendor: ehud // model: gavron tracesroute // scope: eq // version: 6.1.1

Trust: 0.3

vendor: ehud // model: gavron tracesroute // scope: eq // version: 6.0

Trust: 0.3

sources: BID: 6166 // CNNVD: CNNVD-200212-046 // NVD: CVE-2002-1364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1364
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-046
value: HIGH

Trust: 0.6

VULHUB: VHN-5749
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-1364
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5749
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5749 // CNNVD: CNNVD-200212-046 // NVD: CVE-2002-1364

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1364

THREAT TYPE

local

Trust: 0.9

sources: BID: 6166 // CNNVD: CNNVD-200212-046

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 6166 // CNNVD: CNNVD-200212-046

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-5749

EXTERNAL IDS

db: NVD // id: CVE-2002-1364

Trust: 2.0

db: BID // id: 6166

Trust: 2.0

db: CNNVD // id: CNNVD-200212-046

Trust: 0.7

db: DEBIAN // id: DSA-254

Trust: 0.6

db: SUSE // id: SUSE-SA:2002:043

Trust: 0.6

db: XF // id: 10778

Trust: 0.6

db: BUGTRAQ // id: 20021129 EXPLOIT FOR TRACEROUTE-NANOG OVERFLOW

Trust: 0.6

db: EXPLOIT-DB // id: 22014

Trust: 0.1

db: SEEBUG // id: SSVID-75827

Trust: 0.1

db: VULHUB // id: VHN-5749

Trust: 0.1

sources: VULHUB: VHN-5749 // BID: 6166 // CNNVD: CNNVD-200212-046 // NVD: CVE-2002-1364

REFERENCES

url:http://www.securityfocus.com/bid/6166

Trust: 1.7

url:http://www.debian.org/security/2003/dsa-254

Trust: 1.7

url:http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=103858895600963&w=2

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10778

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/10778

Trust: 0.6

url:http://www.gnu.org/directory/sysadmin/hookup/traceroute.html

Trust: 0.3

url:/archive/1/301650

Trust: 0.3

url:/archive/1/301848

Trust: 0.3

sources: VULHUB: VHN-5749 // BID: 6166 // CNNVD: CNNVD-200212-046 // NVD: CVE-2002-1364

CREDITS

Carl Livitt <carl@learningshophull.co.uk>

Trust: 0.6

sources: CNNVD: CNNVD-200212-046

SOURCES

db: VULHUB // id: VHN-5749
db: BID // id: 6166
db: CNNVD // id: CNNVD-200212-046
db: NVD // id: CVE-2002-1364

LAST UPDATE DATE

2024-08-14T14:09:07.062000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-5749 // date: 2017-10-10T00:00:00
db: BID // id: 6166 // date: 2009-07-11T19:16:00
db: CNNVD // id: CNNVD-200212-046 // date: 2005-05-13T00:00:00
db: NVD // id: CVE-2002-1364 // date: 2017-10-10T01:30:11.423

SOURCES RELEASE DATE

db: VULHUB // id: VHN-5749 // date: 2002-12-23T00:00:00
db: BID // id: 6166 // date: 2002-11-12T00:00:00
db: CNNVD // id: CNNVD-200212-046 // date: 2002-12-23T00:00:00
db: NVD // id: CVE-2002-1364 // date: 2002-12-23T05:00:00