VAR-200212-0651

Vulnerability from variot - Updated: 2025-04-03 22:14

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.

A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. The overflow occurs in the 'get_origin()' function in the 'traceroute.c' file. Due to insufficient bounds checking performed by the whois parser, it may be possible to cause 'get_origin()' to corrupt memory on the system stack. This vulnerability can be exploited by an attacker to gain root privileges on a target host.

Traceroute-nanog is an open source route-tracing information lookup program that can perform DNS resolution on each hop and obtain information such as the administrator's email address. The 'get_origin()' function in Traceroute-nanog's 'traceroute.c' file lacks proper buffer bounds checking. A local attacker can exploit this vulnerability to cause a heap-based buffer overflow, and carefully constructed data can obtain root user privileges.

When the get_origin() function in 'traceroute.c' is called, its stack layout is as follows:

    char buf[256] tmp4[100] tmp3[100] tmp2[100] tmp1[100] EBP EIP
    [bbbbbbbbbbbbbbbbb44444444433333333332222222222111111111BBBBIIII] -> 0xbfffffff

There is an 8K buffer named 'reply' in the heap, which is used to store the response from the server. Through successive read(2) calls, 256 bytes of data are read into the buf[] array and appended to the 'reply[]' buffer, but there is no sufficient bounds check when writing the buffer, and a buffer overflow is triggered when it is parsed by the get_origin() function. Carefully constructed data can execute arbitrary instructions on the system with root privileges.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0651",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tracesroute",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ehud gavron",
        "version": "6.1.1"
      },
      {
        "model": "tracesroute",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ehud gavron",
        "version": "6.0"
      },
      {
        "model": "traceroute",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nanog",
        "version": "6.1.1"
      },
      {
        "model": "traceroute",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nanog",
        "version": "6.0"
      },
      {
        "model": "gavron tracesroute",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ehud",
        "version": "6.1.1"
      },
      {
        "model": "gavron tracesroute",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ehud",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carl Livitt\u203b carl@learningshophull.co.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2002-1364",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2002-1364",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-5749",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2002-1364",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200212-046",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-5749",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. A vulnerability has been discovered in Traceroute-nanog. It has been reported that Traceroute-nanog contains a buffer overflow condition. \nThe overflow occurs in the \u0027get_origin()\u0027 function in the \u0027traceroute.c\u0027 file. Due to insufficient bounds checking performed by the whois parser, it may be possible to cause \u0027get_origin()\u0027 to corrupt memory on the system stack. \nThis vulnerability can be exploited by an attacker to gain root privileges on a target host. Traceroute-nanog is an open source routing tracking information search program, which can perform DNS resolution on each hop, and obtain information such as the administrator\u0027s EMAIL address. The \\\u0027\\\u0027traceroute.c\\\u0027\\\u0027 file in Traceroute-nanog\u0027s \\\u0027\\\u0027get_origin()\\\u0027\\\u0027 function lacks proper bounds buffer checking, a local attacker can exploit this vulnerability for heap-based buffering Area overflow, careful construction of submitted data can obtain root user privileges. \\\u0027\\\u0027traceroute.c\\\u0027\\\u0027 When the get_origin() function is called in the file, its stack status is as follows: char buf[256] tmp4[100] tmp3[100] tmp2[100] tmp1[100] EBP EIP [bbbbbbbbbbbbbbbbb44444444433333333332222222222111111111BBBBIIII] -\u003e 0xbfffffff There is an 8K buffer named \\\u0027\\\u0027reply\\\u0027\\\u0027 in the heap, which is used to store the response from the server. Through continuous read(2) calls, 256 The byte data is read into the buf[] array and connected to the \\\u0027\\\u0027reply[]\\\u0027\\\u0027 buffer, but there is no sufficient boundary check when writing the buffer, and it is parsed by the get_origin() function When a buffer overflow is triggered, carefully constructed and submitted data can execute arbitrary instructions on the system with ROOT privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      },
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-5749",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2002-1364",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "6166",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046",
        "trust": 0.7
      },
      {
        "db": "DEBIAN",
        "id": "DSA-254",
        "trust": 0.6
      },
      {
        "db": "SUSE",
        "id": "SUSE-SA:2002:043",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "10778",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20021129 EXPLOIT FOR TRACEROUTE-NANOG OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "22014",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75827",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-5749",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "id": "VAR-200212-0651",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:14:09.685000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/6166"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2003/dsa-254"
      },
      {
        "trust": 1.7,
        "url": "http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=103858895600963\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10778"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103858895600963\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/10778"
      },
      {
        "trust": 0.3,
        "url": "http://www.gnu.org/directory/sysadmin/hookup/traceroute.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/301650"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/301848"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2002-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "date": "2002-11-12T00:00:00",
        "db": "BID",
        "id": "6166"
      },
      {
        "date": "2002-12-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "date": "2002-12-23T05:00:00",
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-5749"
      },
      {
        "date": "2009-07-11T19:16:00",
        "db": "BID",
        "id": "6166"
      },
      {
        "date": "2005-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2002-1364"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Traceroute-nanog Local Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "6166"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200212-046"
      }
    ],
    "trust": 0.9
  }
}

