Description
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
Affected products
- matt_kimball_and_roger_wolff / mtr0.28 – 0.28
- matt_kimball_and_roger_wolff / mtr0.41 – 0.41
- turbolinux / turbolinux3.5b2 – 3.5b2
- turbolinux / turbolinux4.2 – 4.2
- turbolinux / turbolinux4.4 – 4.4
- turbolinux / turbolinux6.0.2 – 6.0.2