Showing 1 - 4 of 4

CVE-2023-46316

Status Candidate

Overview

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

Red Hat Security Advisory 2024-3211-03: Posted May 23, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3211-03 - An update for traceroute is now available for Red Hat Enterprise Linux 8.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-46316; SHA-256 | a0e742323a4c2891547276b1c38e19cff81bbafbe90338a81bc755fe6b4c8553; Download | Favorite | View

Red Hat Security Advisory 2024-2483-03: Posted Apr 30, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2483-03 - An update for traceroute is now available for Red Hat Enterprise Linux 9.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-46316; SHA-256 | 951bf24a953cbd3ecf0024db056d9ef69269d38b3117598eb04e129fe43159b4; Download | Favorite | View

Traceroute 2.1.2 Privilege Escalation: Posted Jan 22, 2024; Authored by g30ff1rl; In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.; tags | exploit, shell; advisories | CVE-2023-46316; SHA-256 | eee3332e9c084609d76f6804cef55683b3ac0269232445ffe0616c2e821e1a45; Download | Favorite | View

Ubuntu Security Notice USN-6478-1: Posted Nov 14, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6478-1 - It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to execute arbitrary commands.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2023-46316; SHA-256 | dd99a6298d132065b4d99e95d56c68353d9677408f3eb93a4159c7b70daf4b0b; Download | Favorite | View

Page 1 of 1 Back 1 Next