|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
The traceroute program in NetBSD, Linux, and Digital Unix contains a flaw that may allow a remote denial of service. The issue is triggered when the waittime option, -w, is passed to traceroute with a large value. This will cause the waittime to effectively be set to 0, causing a flood of packets which will result in loss of availability for the targeted machine.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service,
Misconfiguration
Impact:
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
The waittime argument in traceroute is not correctly sanity checked. When a very large value is passed to waittime (the limit value is never greater
than (1<<31)-1 or ((1<<(sizeof(int)*8)-1)-1) on tested systems where the size of an int is 4), it can cause select(2) to return immediately after sending out a packet instead of waiting for the reply. Since traceroute also allows non-root users to set the source address for these packets, this allows a flood of spoofed traffic to be generated.
|
|
Solution |
Upgrade to NetBSD version 1.3.4 or higher, or the appropriate version from your vendor, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.
|
|
Products |
|
NetBSD
 |
1.3.3 |
NetBSD-current
|
19990217 |
|
Digital Unix
|
4.0 |
|
traceroute
|
Unknown or Unspecified |
|
traceroute
|
Unknown or Unspecified |
|
traceroute
|
Unknown or Unspecified |
|
|
|
|
Credit |
- Alfonso De Gregorio - dira
 speedcom.it -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
