{"vuid":"VU#946652","idnumber":"946652","name":"pWhois Layer Four Traceroute 3.x vulnerability","keywords":["suid","root binary","layer four traceroute","pwhois.org","segmentation fault"],"overview":"Given a specific set of command line arguments, Layer Four Traceroute (lft) will produce a segmentation fault leading to a possible privilege escalation vulnerability.","clean_desc":"pWhois Layer Four Traceroute 3.x contains a vulnerability when parsing command line arguments. Earlier versions of Layer Four Traceroute  may also be vulnerable. Some distributions that package Layer Four Traceroute are not vulnerable because they do not install the 'lft' binary SETUID root.","impact":"If Layer Four Traceroute is installed SETUID root, a local attacker may be able to exploit the vulnerability for privilege escalation.","resolution":"Apply an Update\nUpgrade to Layer Four Traceroute 3.3 or later.","workarounds":"Workaround If upgrading to the latest version is not possible, do not install Layer Four Traceroute SETUID root. This will limit the application functionality for unprivileged users.","sysaffected":"","thanks":"Thanks to Markus Gothe for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","p","w","h","o","i","s",".","o","r","g","/","l","f","t","/"],"cveids":["CVE-2011-0765"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-01-18T19:34:10Z","publicdate":"2011-04-04T00:00:00Z","datefirstpublished":"2011-04-04T13:48:36Z","dateupdated":"2011-04-04T14:16:06Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}