Vulnerability Name:

CVE-2000-0949 (CCN-5311)

Assigned:2000-09-28
Published:2000-09-28
Updated:2018-10-30
Summary:Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Caldera International, Inc. Security Advisory SA-1997.20
Vulnerability in traceroute package

Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-2000-034.0
security problem in traceroute

Source: BUGTRAQ
Type: UNKNOWN
20000928 Very interesting traceroute flaw

Source: CCN
Type: BugTraq Mailing List, Thu Sep 28 2000 - 17:33:28 CDT
Very interesting traceroute flaw

Source: CCN
Type: BugTraq Mailing List, Fri Sep 29 2000 - 05:47:43 CDT
Re: Very interesting traceroute flaw

Source: BUGTRAQ
Type: UNKNOWN
20000930 Conectiva Linux Security Announcement - traceroute

Source: CCN
Type: Conectiva Linux Announcement CLSA-2000:319
traceroute: Traceroute local root exploit

Source: CCN
Type: Debian Security Advisory 00-029
New versions of Debian traceroute packages

Source: MITRE
Type: CNA
CVE-2000-0949

Source: CCN
Type: RHSA-2000-078
traceroute setuid root exploit with multiple -g options

Source: CCN
Type: TurboLinux Security Announcement TLSA2000023-1
traceroute-1.4a5 and earlier

Source: CALDERA
Type: UNKNOWN
CSSA-2000-034.0

Source: DEBIAN
Type: UNKNOWN
20001013 traceroute: local root exploit

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2000:053

Source: CCN
Type: OSVDB ID: 1584
LBNL traceroute -g Option Local Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2000:078

Source: BID
Type: Exploit, Patch, Vendor Advisory
1739

Source: CCN
Type: BID-1739
LBNL Traceroute Heap Corruption Vulnerability

Source: TURBO
Type: UNKNOWN
TLSA2000023-1

Source: CCN
Type: MandrakeSoft Security Advisory MDKSA-2000:053
traceroute

Source: XF
Type: UNKNOWN
traceroute-heap-overflow(5311)

Source: XF
Type: UNKNOWN
traceroute-heap-overflow(5311)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:lbl:lbl_traceroute:1.4a5:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux:2.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.0es:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2e:*:*:*:*:*:*:*
  • OR cpe:/a:caldera:network_desktop:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:caldera:openlinux_lite:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:6.0.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    lbl lbl traceroute 1.4a5
    sun sunos 5.5.1
    redhat linux 5.2
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 5.1
    redhat linux 5.0
    caldera openlinux 2.3
    redhat linux 6.2
    debian debian linux 2.2
    mandrakesoft mandrake linux 7.0
    caldera openlinux 2.4
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 6.0
    mandrakesoft mandrake linux 6.1
    conectiva linux 4.0
    conectiva linux 4.0es
    conectiva linux 4.1
    conectiva linux 4.2
    conectiva linux 5.0
    conectiva linux 5.1
    redhat linux 6.2e
    caldera network desktop 1.0
    caldera openlinux lite 1.1
    turbolinux turbolinux 6.0.5