diff mbox series

[meta-networking,kirkstone,1/8] mtr: patch CVE-2025-49809

Message ID 20251225125139.2436941-1-skandigraun@gmail.com
State New
Headers show
Series [meta-networking,kirkstone,1/8] mtr: patch CVE-2025-49809 | expand

Commit Message

Gyorgy Sarvari Dec. 25, 2025, 12:51 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809

Pick the patch mentioned in the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../mtr/mtr/CVE-2025-49809.patch              | 38 +++++++++++++++++++
 .../recipes-support/mtr/mtr_0.95.bb           |  4 +-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
new file mode 100644
index 0000000000..1f8ac4aeb9
--- /dev/null
+++ b/meta-networking/recipes-support/mtr/mtr/CVE-2025-49809.patch
@@ -0,0 +1,38 @@ 
+From 5eefb172ef1ab9e46d79c6bae60dbe7983c9f704 Mon Sep 17 00:00:00 2001
+From: "R.E. Wolff" <R.E.Wolff@BitWizard.nl>
+Date: Sun, 29 Jun 2025 14:06:00 +0200
+Subject: [PATCH] Added protection against use of MTR_PACKET under special
+ circumstances
+
+CVE: CVE-2025-49809
+Upstream-Status: Backport [https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ ui/cmdpipe.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/ui/cmdpipe.c b/ui/cmdpipe.c
+index d22b236..1a66293 100644
+--- a/ui/cmdpipe.c
++++ b/ui/cmdpipe.c
+@@ -220,10 +220,17 @@ void execute_packet_child(
+        the path to the mtr-packet executable.  This is necessary
+        for debugging changes for mtr-packet.
+      */
+-    char *mtr_packet_path = getenv("MTR_PACKET");
+-    if (mtr_packet_path == NULL) {
++    char * mtr_packet_path = NULL; 
++
++    // In the rare case that mtr-packet is not setuid-root, 
++    // and a select group of users has sudo privileges to run 
++    // mtr and not much else, THEN create /etc/mtr.is.run.under.sudo
++    // to prevent a privilege escalation when one of those accounts
++    // is compromised.  CVE-2025-49809
++    if (access ("/etc/mtr.is.run.under.sudo", F_OK) != 0)
++        mtr_packet_path = getenv("MTR_PACKET");
++    if (mtr_packet_path == NULL)
+         mtr_packet_path = "mtr-packet";
+-    }
+ 
+     /*
+        First, try to execute mtr-packet from PATH
diff --git a/meta-networking/recipes-support/mtr/mtr_0.95.bb b/meta-networking/recipes-support/mtr/mtr_0.95.bb
index 92f9c4bfc0..8c385ae46a 100644
--- a/meta-networking/recipes-support/mtr/mtr_0.95.bb
+++ b/meta-networking/recipes-support/mtr/mtr_0.95.bb
@@ -9,7 +9,9 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://ui/mtr.c;beginline=5;endline=16;md5=00a894a39d53726a27386534d1c4e468"
 
 SRCREV = "852e5617fbf331cf292723702161f0ac9afe257c"
-SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https"
+SRC_URI = "git://github.com/traviscross/mtr;branch=master;protocol=https \
+           file://CVE-2025-49809.patch \
+           "
 
 S = "${WORKDIR}/git"