Local Flooding Vulnerability in Traceroute on NetBSD and Linux Systems
CVE-2000-0314

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; Slackware Linux; Unix; Debian Linux
Vendor: CVE Published:; 12 March 2001

What is CVE-2000-0314?

A vulnerability in the traceroute utility on NetBSD 1.3.3 and certain Linux systems allows local users to exploit the waittime option. By providing a large waittime value, the utility fails to properly parse this input, inadvertently setting the packet sending delay to zero. This misconfiguration can lead to excessive flooding of other systems, posing a risk to network stability and performance.

References

http://marc.info/?l=bugtraq&m=91893782027835&w=2

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/7574

vdb-entryx_refsource_OSVDB

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/...

vendor-advisoryx_refsource_NETBSD

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2001
Vulnerability Reserved
May 11, 2000

CVE-2000-0314 Data

JSON

Netbsd

What is CVE-2000-0314?

References

Timeline