Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2008:176

Package name: mtr
Date: 2008-08-20
Advisory ID: MDVSA-2008:176
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

A stack-based buffer overflow was found in mtr prior to version 0.73
that allowed remote attackers to execute arbitrary code via a crafted
DNS PTR record, when called with the --split option (CVE-2008-2357).

The updated packages provide mtr 0.73 which corrects this issue.

Updated packages

CS4.0 x86_64

 740038eccdac13acd2bedb4469ecbbfc  corporate/4.0/x86_64/mtr-0.73-0.1.20060mlcs4.x86_64.rpm
 402ab38bff420a063010b88593e0fc5f  corporate/4.0/x86_64/mtr-gtk-0.73-0.1.20060mlcs4.x86_64.rpm 
 b7167d193a2deb8fdd9b95d3bcaf4675  corporate/4.0/SRPMS/mtr-0.73-0.1.20060mlcs4.src.rpm

CS4.0 i586

 c98d0d2dd309c5e2c682f9856fc4a3f4  corporate/4.0/i586/mtr-0.73-0.1.20060mlcs4.i586.rpm
 30ec5571b686d8cca39b298ce4e2bf85  corporate/4.0/i586/mtr-gtk-0.73-0.1.20060mlcs4.i586.rpm 
 b7167d193a2deb8fdd9b95d3bcaf4675  corporate/4.0/SRPMS/mtr-0.73-0.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2357