[17266] in bugtraq


Re: [RHSA-2000:087-02] Potential security problems in ping fixed.

daemon@ATHENA.MIT.EDU (antirez)
Thu Oct 19 13:05:02 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20001019112709.C24645@antiz.marmoc.net>
Date:         Thu, 19 Oct 2000 11:27:09 +0200
Reply-To: antirez@linuxcare.com
From: antirez <antirez@LINUXCARE.COM>
X-To:         bugzilla@REDHAT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200010181603.e9IG3XZ10992@porkchop.redhat.com>; from
              bugzilla@REDHAT.COM on Wed, Oct 18, 2000 at 12:03:00PM -0400

On Wed, Oct 18, 2000 at 12:03:00PM -0400, bugzilla@REDHAT.COM wrote:
> 3. Problem description:
>
> Several problems in ping are fixed:
>
> 1) Root privileges are dropped after acquiring a raw socket.
> 2) An 8 byte overflow of a static buffer "outpack" is prevented.
> 3) An overflow of a static buffer "buf" is prevented.
>
> A non-exploitable root only segfault is fixed as well.

Did you also fix the SIGALRM bombing bug?
It allows unprivileged users to send
packets as fast as possible.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez@linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
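
Item 1 of the quoted advisory (drop root once the raw socket is open), sketched as an added example; this is not code from the Red Hat patch or from this post, and the function names are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges.
 * Returns 0 on success, -1 if the drop failed or could be undone. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid();

    /* Group first: after the uid is dropped we may lack permission to. */
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;

    /* The drop must be irreversible: regaining the old euid has to fail. */
    if (ruid != euid && (setuid(euid) == 0 || geteuid() == euid)) return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Open the raw ICMP socket (the only step that needs root), then drop.
 * Returns the socket fd, -1 if no raw socket could be opened (privileges
 * are dropped regardless), or -2 if the privilege drop itself failed. */
int open_icmp_then_drop(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved = errno;

    if (drop_privileges() != 0) {
        if (fd >= 0) close(fd);
        return -2;              /* never continue with privileges intact */
    }
    errno = saved;              /* report the socket() error, if any */
    return fd;
}

int main(void)
{
    int fd = open_icmp_then_drop();
    printf("raw socket fd=%d uid=%d euid=%d\n",
           fd, (int)getuid(), (int)geteuid());
    return fd == -2;
}
```

Everything after `open_icmp_then_drop()` returns, including argument parsing and packet handling, then runs with the invoking user's ids only.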
