CVE-2008-2357 - Inconsumable Cubes


Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73 when invoked with the -p (aka –split) option allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so then this should not be treated as a vulnerability in mtr.