[原文]traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
The traceroute program in NetBSD, Linux, and Digital Unix contains a flaw that may allow a remote denial of service. The issue is triggered when the waittime option, -w, is passed to traceroute with a large value. This will cause the waittime to effectively be set to 0, causing a flood of packets which will result in loss of availability for the targeted machine.
Upgrade to NetBSD version 1.3.4 or higher, or the appropriate version from your vendor, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.