Bugtraq mailing list archives
Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
From: "Ryan W. Maple" <ryan () GUARDIANDIGITAL COM>
Date: Mon, 23 Oct 2000 13:39:07 -0400
On Sun, 22 Oct 2000, Joseph Gernandez wrote:
Something else to note about the ping bug everyone is raving about.. The program does not give a seg fault unless run as root, as far as I can see.
<example>
This was on RedHat 6.2, with the default ping package. Perhaps it's not as big a security problem as people have this far thought it was.
This was outlined in Redhat advisory RHSA-2000:087-02, "Potential security problems in ping fixed.": <QUOTE> 3. Problem description: Several problems in ping are fixed: 1) Root privileges are dropped after acquiring a raw socket. 2) An 8 byte overflow of a static buffer "outpack" is prevented. 3) An overflow of a static buffer "buf" is prevented. A non-exploitable root only segfault is fixed as well. </QUOTE> Ryan W. Maple Guardian Digital, Inc. ryan () guardiandigital com
Current thread:
- [RHSA-2000:087-02] Potential security problems in ping fixed. bugzilla (Oct 18)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Joe Laffey (Oct 19)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. van der Kooij, Hugo (Oct 20)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Vanja Hrustic (Oct 20)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Tim Robbins (Oct 24)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Pekka Savola (Oct 20)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. van der Kooij, Hugo (Oct 20)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Joe Laffey (Oct 19)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. antirez (Oct 19)
- <Possible follow-ups>
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Joseph Gernandez (Oct 24)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Ryan W. Maple (Oct 24)