Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 620928 (CVE-2017-9430)

Summary: <net-analyzer/dnstracer-1.9-r2 : Stack-buffer overflow via a long name argument in command line
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: netmon
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [noglsa cve]
Package list:
Runtime testing required: No

Description Agostino Sarubbo gentoo-dev 2017-06-05 15:11:15 UTC
From ${URL} :

Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name 
argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-02-07 23:27:31 UTC
@arches, please stabilize.
Comment 2 Agostino Sarubbo gentoo-dev 2018-02-09 08:39:50 UTC
amd64 stable
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-10 00:32:55 UTC
x86 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-10 17:42:23 UTC
commit 949f332373007d13d147ceaa10863926f5e21a86
Author: Jeroen Roovers <>
Date:   Sat Feb 10 10:53:42 2018 +0100

    net-analyzer/dnstracer: Stable for HPPA too.
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-02-18 19:49:32 UTC
ia64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-08 21:26:47 UTC
ppc64 stable
Comment 7 Markus Meier gentoo-dev 2018-04-08 10:47:53 UTC
arm stable, all arches done.
Comment 8 Aaron Bauman (RETIRED) gentoo-dev 2018-04-08 13:26:46 UTC
CVE calls out a DoS.  No PoC for ACE/RCE found.


GLSA Vote: No
Comment 9 Larry the Git Cow gentoo-dev 2018-04-08 13:30:29 UTC
The bug has been referenced in the following commit(s):

commit 85f923455730d39bb7722b54b58a606cc8d2acd7
Author:     Aaron Bauman <>
AuthorDate: 2018-04-08 13:29:18 +0000
Commit:     Aaron Bauman <>
CommitDate: 2018-04-08 13:30:21 +0000

    net-analyzer/dnstracer: drop vulnerable
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 net-analyzer/dnstracer/dnstracer-1.9-r1.ebuild | 19 -------------------
 1 file changed, 19 deletions(-)}