Red Hat Security Advisory: traceroute setuid root exploit with multiple -g options | Linux Today

Red Hat Security Advisory: traceroute setuid root exploit with multiple -g options

Written By
Web Webster
Web Webster
Oct 7, 2000

Date: Fri, 6 Oct 2000 17:21 -0400
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2000:078-02] traceroute setuid root exploit with
multiple -g options


                   Red Hat, Inc. Security Advisory

Synopsis:          traceroute setuid root exploit with multiple -g options
Advisory ID:       RHSA-2000:078-02
Issue date:        2000-10-06
Updated on:        2000-10-06
Product:           Red Hat Linux
Keywords:          traceroute setuid root exploit
Cross references:  N/A

1. Topic:

a root exploit and several additional bugs in traceroute have
been corrected.

2. Relevant releases/architectures:

Red Hat Linux 5.0 – i386, alpha, sparc
Red Hat Linux 5.1 – i386, alpha, sparc
Red Hat Linux 5.2 – i386, alpha, sparc
Red Hat Linux 6.0 – i386, alpha, sparc
Red Hat Linux 6.1 – i386, alpha, sparc
Red Hat Linux 6.2 – i386, alpha, sparc

3. Problem description:

A root exploit due to a segfault when using multiple -g options
is fixed for Red Hat Linux 6.x and Red Hat Linux 5.x.

A potential denial-of-service attack is alleviated by enforcing
a maximum buffer size of 64Kb.

On Red Hat Linux 6.x, loose source routing (LSRR) now works
correctly.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

18466 – traceroute: local root exploit now exists
13466 – segfault while parsing multiple -g arguments
15917 – Maksimum packetlength checked badly (Local DoS)
16281 – traceroute LSRR broken

6. RPMs required:

Red Hat Linux 5.x:

alpha:

ftp://updates.redhat.com/5.2/alpha/traceroute-1.4a5-24.5x.alpha.rpm

sparc:

ftp://updates.redhat.com/5.2/sparc/traceroute-1.4a5-24.5x.sparc.rpm

i386:

ftp://updates.redhat.com/5.2/i386/traceroute-1.4a5-24.5x.i386.rpm

sources:

ftp://updates.redhat.com/5.2/SRPMS/traceroute-1.4a5-24.5x.src.rpm

Red Hat Linux 6.x:

alpha:

ftp://updates.redhat.com/6.2/alpha/traceroute-1.4a5-24.6x.alpha.rpm

sparc:

ftp://updates.redhat.com/6.2/sparc/traceroute-1.4a5-24.6x.sparc.rpm

i386:

ftp://updates.redhat.com/6.2/i386/traceroute-1.4a5-24.6x.i386.rpm

sources:

ftp://updates.redhat.com/6.2/SRPMS/traceroute-1.4a5-24.6x.src.rpm

7. Verification:

MD5 sum                           Package Name

1fe1fb918271526d5d4e22046f1da776 5.2/SRPMS/traceroute-1.4a5-24.5x.src.rpm
25a92211082e65df9f89fd71ac7a6888 5.2/alpha/traceroute-1.4a5-24.5x.alpha.rpm
2fc1c66152f3fbd723b695472aadc0a6 5.2/i386/traceroute-1.4a5-24.5x.i386.rpm
d60c337c3fa3d23ba2c1cde082c8fee5 5.2/sparc/traceroute-1.4a5-24.5x.sparc.rpm
9fc2151d7cca01185add0ed085efcde0 6.2/SRPMS/traceroute-1.4a5-24.6x.src.rpm
f279d9e415a7d806daae86e8112fe8c6 6.2/alpha/traceroute-1.4a5-24.6x.alpha.rpm
49bd824f9f4784ce9c45fa54285c7aa0 6.2/i386/traceroute-1.4a5-24.6x.i386.rpm
498a1e08221e1d9e0115edb7f34ecef9 6.2/sparc/traceroute-1.4a5-24.6x.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg <filename>

8. References:

Thanks to Pekka Savola for discovering the flaw.

See http://www.securityfocus.com/archive/1/136215
for a complete summary of the flaw.

Copyright(c) 2000 Red Hat, Inc.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.