[tcptra-dev] tcptraceroute prior to 1.5beta4 did not properly drop root privileges
A bug in tcptraceroute through version 1.5beta3 has been discovered by Matt
Zimmerman <mdz@debian.org>, such that tcptraceroute did not properly drop
root privileges after opening a raw socket. The bug has been corrected in
tcptraceroute-1.5beta4, available on the tcptraceroute development website,
<http://michael.toren.net/code/tcptraceroute/beta.html>.

As there are currently no known exploitable portions of tcptraceroute,
versions through tcptraceroute-1.5beta3 are still believed to be safe even
without fully dropping privileges, however users are encouraged to upgrade
to provide a measure of containment in the event that an exploitable flaw
is discovered in the future. Users of tcptraceroute-1.4 who do not wish
to upgrade to a beta version may apply the one line patch included below.

The bug was first announced in Debian Security Advisory DSA 330-1 on June
23rd, <http://www.debian.org/security/2003/dsa-330>, and on June 27th also
appears to have been assigned an ID of CAN-2003-0489 by the Common
Vulnerability and Exposures list,
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0489>.

Any questions may be directed either to myself, or to the tcptraceroute
development mailing list, <tcptraceroute-dev@netisland.net>.

Thanks,
-mct

diff -ru tcptraceroute-1.4.orig/tcptraceroute.c tcptraceroute-1.4/tcptraceroute.c
--- tcptraceroute-1.4.orig/tcptraceroute.c Tue Jul 30 17:51:27 2002
+++ tcptraceroute-1.4/tcptraceroute.c Sun Jun 29 18:50:42 2003
@@ -2003,6 +2003,6 @@
defaults();
initcapture();
- seteuid(getuid());
+ setuid(getuid());
return trace();
}
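
Review bot: the return value of setuid() on the added line is not checked, so if the call fails, trace() still runs with root privileges. Test the result and exit on failure, for example `if (setuid(getuid()) != 0) { perror("setuid"); exit(1); }`. A one-line comment explaining why setuid() is used here instead of seteuid() (seteuid() changes only the effective uid and leaves the saved set-user-ID as root, so the process can switch back) would help keep the call from being reverted later.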
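
As an added example (not tcptraceroute's code and not part of the original message), the following C sketch shows a permanent privilege drop for a set-uid root program that checks every return value and then confirms the old identity cannot be regained. The function name `drop_privileges_permanently` is hypothetical, and supplementary groups are assumed to already be those of the invoking user.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: give up set-uid/set-gid privileges for good.
 * Returns 0 on success, -1 if the drop failed or turned out to be reversible,
 * in which case the caller should exit rather than continue. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid is dropped, changing gid may no longer be permitted. */
    if (setgid(rgid) != 0)
        return -1;

    /* Called with euid 0, setuid() sets the real, effective AND saved uid.
     * seteuid() would change only the effective uid and leave saved uid 0. */
    if (setuid(ruid) != 0)
        return -1;

    /* The effective ids must now equal the real ids. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If we started with elevated ids, switching back must fail. A success
     * here means a saved id survived, which is the bug described above. */
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* In a real tool the raw socket would be opened before this point. */
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```
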