USN-6478-1: Traceroute vulnerability
14 November 2023
Traceroute could be made to execute arbitrary commands.
- traceroute - Traces the route taken by packets over an IPv4/IPv6 network
It was discovered that Traceroute did not properly parse command
line arguments. An attacker could possibly use this issue to
execute arbitrary commands.
The problem can be corrected by updating your system to the following package versions:
- traceroute - 1:2.1.0-2ubuntu0.22.04.1~esm1
- traceroute - 1:2.1.0-2ubuntu0.20.04.1~esm1
- traceroute - 1:2.1.0-2ubuntu0.18.04.1~esm1
- traceroute - 1:2.0.21-1ubuntu0.1~esm1
- traceroute - 1:2.0.20-0ubuntu0.1+esm1
In general, a standard system update will make all the necessary changes.