Description
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
A possible privilege escalation flaw was found in the MTR networking tool. This issue occurs in rare cases when the package is configured to run with sudo rules instead of setuid, and stems from improper handling of the execution of a program specified by the MTR_PACKET environment variable.
Report
The condition to exploit this vulnerability is not the default behavior on Linux systems and should rarely occur. In Red Hat Enterprise Linux (RHEL), mtr does not rely on sudo or setuid for privilege elevation. Instead, RHEL uses file system capabilities (cap_net_raw+ep) on the mtr-packet binary to grant the necessary privileges securely without requiring full root access. As a result, the vulnerable execution path (such as /etc/mtr.is.run.under.sudo) is not used in RHEL, rendering the exploit path non-functional in this environment. There is no need for custom sudo rules for mtr, which is the only configuration impacted by the reported issue. For more details see discussion upstream, https://github.com/traviscross/mtr/issues/541.
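The statement above separates three privilege models for mtr: sudo rules (the impacted configuration), setuid, and file capabilities on mtr-packet. The following shell sketch is an added example, not code from Red Hat or the mtr project, that reports which model a host uses; the function names and the binary and sudoers paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report which privilege model a host uses for mtr.
# Function names and default paths are assumptions, not project code.

# Print the sudoers lines in file $1 that name mtr or mtr-packet as a command.
# Comment and blank lines are skipped; Cmnd_Alias definitions are matched too.
# Limitation: include directives are not followed; pass each file explicitly.
mtr_sudo_rules() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -E '(^|[[:space:],:=])/[^[:space:],]*/mtr(-packet)?([[:space:],]|$)'
}

# Classify the privilege model for the mtr-packet binary $1, scanning the
# sudoers files given as the remaining arguments. Prints one word.
mtr_priv_model() {
    bin=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        if mtr_sudo_rules "$f" >/dev/null; then
            echo "sudo-rule"      # the configuration the advisory calls impacted
            return 0
        fi
    done
    if [ -u "$bin" ]; then
        echo "setuid"
    elif command -v getcap >/dev/null 2>&1 &&
         getcap "$bin" 2>/dev/null | grep -q 'cap_net_raw'; then
        echo "capabilities"   # RHEL model: cap_net_raw+ep on mtr-packet
    else
        echo "none-detected"
    fi
}

# Typical call (paths are assumptions; run as root so sudoers is readable):
#   mtr_priv_model /usr/sbin/mtr-packet /etc/sudoers /etc/sudoers.d/*
```

A result of `sudo-rule` means the host matches the configuration the statement identifies as impacted; `mtr_sudo_rules` on the same file prints the matching lines for review.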
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | mtr | Not affected | | |
| Red Hat Enterprise Linux 6 | mtr | Out of support scope | | |
| Red Hat Enterprise Linux 7 | mtr | Out of support scope | | |
| Red Hat Enterprise Linux 8 | mtr | Not affected | | |
| Red Hat Enterprise Linux 9 | mtr | Not affected | | |
Additional information
CVSS3: 7.8 High