Details of VAR-200308-0086

ID

VAR-200308-0086

CVE

CVE-2003-0453

TITLE

Traceroute-Nanog Integer Overflow Memory Corruption Vulnerability

Trust: 0.9

sources: BID: 7994 // CNNVD: CNNVD-200308-039

DESCRIPTION

traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. An integer overflow vulnerability has been reported for Traceroute-Nanog. It has been reported that when processing certain max_ttl and nprobes values from a traceroute invocation, some functions or utilities may fail to sufficiently handle the size of data returned. Because an attacker can control arbitrary memory corruption, although conjectured and unconfirmed, an attacker might exploit this condition to execute arbitrary instructions with elevated privileges. It should be noted that this vulnerability might only affect the Debian implementation of Traceroute-Nanog. There is a vulnerability in traceroute-nanog version 6.1.1

Trust: 1.26

sources: NVD: CVE-2003-0453 // BID: 7994 // VULHUB: VHN-7281

AFFECTED PRODUCTS

vendor:	ehud gavron	model:	traceroute-nanog	scope:	eq	version:	6.1.1	Trust: 1.6
vendor:	nanog	model:	traceroute	scope:	eq	version:	6.1.1	Trust: 0.3

sources: BID: 7994 // CNNVD: CNNVD-200308-039 // NVD: CVE-2003-0453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0453
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200308-039
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-7281
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-0453
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7281
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7281 // CNNVD: CNNVD-200308-039 // NVD: CVE-2003-0453

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0453

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200308-039

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200308-039

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0453	Trust: 2.0
db:	CNNVD	id:	CNNVD-200308-039	Trust: 0.7
db:	BUGTRAQ	id:	20030620 BAZARR FAREWELL	Trust: 0.6
db:	DEBIAN	id:	DSA-348	Trust: 0.6
db:	BID	id:	7994	Trust: 0.4
db:	VULHUB	id:	VHN-7281	Trust: 0.1

sources: VULHUB: VHN-7281 // BID: 7994 // CNNVD: CNNVD-200308-039 // NVD: CVE-2003-0453

REFERENCES

url:	http://www.debian.org/security/2003/dsa-348	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=105613905425563&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105613905425563&w=2	Trust: 0.6
url:	/archive/1/326097	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=105613905425563&w=2	Trust: 0.1

sources: VULHUB: VHN-7281 // BID: 7994 // CNNVD: CNNVD-200308-039 // NVD: CVE-2003-0453

CREDITS

Discovery of this vulnerability has been credited to "assasa sasasaaa" <bazrar@hotmail.com>.

Trust: 0.9

sources: BID: 7994 // CNNVD: CNNVD-200308-039

SOURCES

db:	VULHUB	id:	VHN-7281
db:	BID	id:	7994
db:	CNNVD	id:	CNNVD-200308-039
db:	NVD	id:	CVE-2003-0453

LAST UPDATE DATE

2024-08-14T14:29:30.353000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7281	date:	2016-10-18T00:00:00
db:	BID	id:	7994	date:	2009-07-11T22:06:00
db:	CNNVD	id:	CNNVD-200308-039	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0453	date:	2016-10-18T02:34:00.817

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7281	date:	2003-08-07T00:00:00
db:	BID	id:	7994	date:	2003-06-20T00:00:00
db:	CNNVD	id:	CNNVD-200308-039	date:	2003-08-07T00:00:00
db:	NVD	id:	CVE-2003-0453	date:	2003-08-07T04:00:00