[17316] in bugtraq
Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
daemon@ATHENA.MIT.EDU (Ryan W. Maple)
Tue Oct 24 01:30:01 2000
Message-ID: <Pine.LNX.4.10.10010231337290.13983-100000@mastermind.inside.guardiandigital.com>
Date: Mon, 23 Oct 2000 13:39:07 -0400
Reply-To: "Ryan W. Maple" <ryan@GUARDIANDIGITAL.COM>
From: "Ryan W. Maple" <ryan@GUARDIANDIGITAL.COM>
X-To: Joseph Gernandez <neo@ERASED.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001022005417.7353.qmail@securityfocus.com>
On Sun, 22 Oct 2000, Joseph Gernandez wrote:
> Something else to note about the ping bug everyone
> is raving about.. The program does not give a seg
> fault unless run as root, as far as I can see.
<example>
> This was on Red Hat 6.2, with the default ping
> package. Perhaps it's not as big a security problem
> as people have thus far thought it was.
This was outlined in Red Hat advisory RHSA-2000:087-02, "Potential security
problems in ping fixed.":
<QUOTE>
3. Problem description:
Several problems in ping are fixed:
1) Root privileges are dropped after acquiring a raw socket.
2) An 8 byte overflow of a static buffer "outpack" is prevented.
3) An overflow of a static buffer "buf" is prevented.
A non-exploitable root only segfault is fixed as well.
</QUOTE>
Ryan W. Maple
Guardian Digital, Inc.
ryan@guardiandigital.com
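
Item 1 of the advisory quoted above (acquire the raw socket, then drop root) as an added C example. It is not the Red Hat patch or code from the ping package, and the names `drop_privileges` and `open_icmp_socket` are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up set-uid root privileges.
 * Returns 0 when effective ids equal real ids and root cannot be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped the gid can no longer be changed. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An unprivileged caller must not be able to switch back to root. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: open the one resource that needs root, then drop.
 * Returns the socket, -1 if it could not be opened, -2 if the drop failed. */
int open_icmp_socket(void)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved_errno = errno;

    if (drop_privileges() != 0) {   /* drop even when socket() failed */
        if (fd >= 0) close(fd);
        return -2;
    }
    errno = saved_errno;
    return fd;
}

int main(void)
{
    int fd = open_icmp_socket();
    if (fd == -2) { fputs("could not drop privileges\n", stderr); return 1; }
    if (fd < 0) { perror("socket(SOCK_RAW)"); return 1; }
    /* Option parsing and packet handling now run as the invoking user. */
    printf("raw socket %d open, euid=%d\n", fd, (int)geteuid());
    close(fd);
    return 0;
}
```

With this ordering, a later memory-safety bug in argument or packet handling runs with the invoking user's privileges rather than root's.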