Bugtraq: Re: [RHSA-2000:087-02] Potential security problems in ping fixed.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [RHSA-2000:087-02] Potential security problems in ping fixed.

From: antirez <antirez () linuxcare com>
Date: Thu, 19 Oct 2000 11:27:09 +0200

On Wed, Oct 18, 2000 at 12:03:00PM -0400, bugzilla () REDHAT COM wrote:

3. Problem description:

Several problems in ping are fixed:

1) Root privileges are dropped after acquiring a raw socket.
2) An 8 byte overflow of a static buffer "outpack" is prevented.
3) An overflow of a static buffer "buf" is prevented.

A non-exploitable root only segfault is fixed as well.


Do you also fixed the SIGALRM bombing bug?
It allows unprivileged users to sent
packets as fast as possible.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.

By Date By Thread

Current thread:

Re: [RHSA-2000:087-02] Potential security problems in ping fixed., (continued)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Joe Laffey (Oct 19)
  - Re: [RHSA-2000:087-02] Potential security problems in ping fixed. van der Kooij, Hugo (Oct 20)
    - Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Vanja Hrustic (Oct 20)
    - Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Tim Robbins (Oct 24)
    - Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Pekka Savola (Oct 20)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. antirez (Oct 19)
- Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Joseph Gernandez (Oct 24)
  - Re: [RHSA-2000:087-02] Potential security problems in ping fixed. Ryan W. Maple (Oct 24)