Vulnerability Development mailing list archives

Re: Local root through vulnerability in ping on linux.
From: Daniel Roesen <droesen () ENTIRE-SYSTEMS COM>
Date: Tue, 22 Aug 2000 14:20:24 +0200

On Mon, Aug 21, 2000 at 04:39:46AM -0700, mmurray () TAOS COM wrote:
> I discovered this issue a while ago; IIRC, the ping program in RHL
> segfaults at a certain number of bytes (256 over maximum ping length?).

Thanx for not reporting this bug :->

> However, this is NOT EXPLOITABLE, as far as I could tell;

Right. See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=16677
for discussion.

> ping is not suid

It is by default.

> This is not standard linux

??? What is "standard Linux" when it comes to userspace?

> this is in the redhat version of ping only.

It's the ping version contained in the "iputils" package.


Best regards,
Daniel

--
----------------------------------------------------------------------
entire systems GmbH         | droesen () entire-systems com
Internet Services           | Phone: +49 2624 9550-55
Ferbachstrasse 12           | Fax:   +49 2624 9550-20
D-56203 Hoehr-Grenzhausen   | http://www.entire-systems.com/
----------------------------------------------------------------------

