> The mtr developers have been contacted on the address supplied with
> the code, but no reply has been received.
>
> The remedy to this problem is very simple: the call to seteuid()
> should be replaced with a call to setuid(). Apply the following
> diff to mtr.c
> in the mtr distribution.
>From /usr/doc/mtr/changelog.Debian.gz:
mtr (0.28-1) stable; urgency=high
* Security fix for theoretical stack-smash-and-fork attack -
s/seteuid/setuid/ in mtr.c
- Potential security problem with mtr Viktor Fougstedt
- Re: Potential security problem with mtr Jeff Dafoe
- Re: Potential security problem with mtr Rogier Wolff
- Re: Potential security problem with mtr Viktor Fougstedt
- Re: Potential security problem with mtr LaMont Jones
- Re: Potential security problem with mtr Viktor Fougstedt
