The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| turbolinux | turbolinux | 6.0.2 |
| matt_kimball_and_roger_wolff | mtr | 0.41 |
| turbolinux | turbolinux | 4.4 |
| turbolinux | turbolinux | 3.5b2 |
| matt_kimball_and_roger_wolff | mtr | 0.28 |
| turbolinux | turbolinux | 4.2 |