Security Advisory: Potential security problems in ping fixed

Advisory: RHSA-2000:087-02
Type: Security Advisory
Severity: N/A
Issued on: 2000-10-18
Last updated on: 2000-10-18
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1213
CVE-2000-1214

Details

Several problems in ping are fixed:

1) Root privileges are dropped after acquiring a raw socket.
2) An 8 byte overflow of a static buffer "outpack" is prevented.
3) An overflow of a static buffer "buf" is prevented.

A non-exploitable, root-only segfault is fixed as well.
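
The first two fixes above (privilege drop after the raw socket is opened, and the length check on the send buffer), sketched as an added example; this is not the iputils patch or Red Hat's code. Assumptions: the function names, the 65536-byte buffer size, and that the 8 bytes are the ICMP echo header sharing "outpack" with the payload (the advisory does not say).

```c
/* Added illustration; names and sizes are constructed, not taken from iputils. */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define ICMP_HDR_LEN 8        /* ICMP echo header: type, code, checksum, id, seq */
#define OUTPACK_SIZE 65536    /* constructed size for the send buffer */
unsigned char outpack[OUTPACK_SIZE];   /* statically allocated, header + payload */

/* Parse a -s style argument; accept it only if header + payload fit the buffer. */
int parse_payload_len(const char *arg, size_t bufsize, size_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno || end == arg || *end != '\0' || v < 0)
        return -1;
    if (bufsize < ICMP_HDR_LEN || (size_t)v > bufsize - ICMP_HDR_LEN)
        return -1;            /* checking against bufsize alone is 8 bytes short */
    *out = (size_t)v;
    return 0;
}

/* Give up setuid-root for good, and confirm it cannot be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    if (setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1;            /* root came back: the drop did not stick */
    return 0;
}

int main(int argc, char **argv)
{
    size_t datalen = 56;
    int sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); /* privileged step first */
    if (drop_privileges() != 0 || sock < 0)  /* drop before parsing any user input */
        return 2;
    if (argc > 1 && parse_payload_len(argv[1], sizeof outpack, &datalen) != 0)
        return 1;
    printf("would send %zu bytes\n", ICMP_HDR_LEN + datalen);
    close(sock);
    return 0;
}
```

With this check, the length from bug 16677 (65690) is rejected before anything is written to the buffer.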


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2

alpha:
ftp://updates.redhat.com/6.2/alpha/iputils-20001010-1.6x.alpha.rpm
    6904ba7f8502fb009002cd96645f0539
 
i386:
ftp://updates.redhat.com/6.2/i386/iputils-20001010-1.6x.i386.rpm
    ce5de156e02e5e8e010a344e8c0cdc34
 
sparc:
ftp://updates.redhat.com/6.2/sparc/iputils-20001010-1.6x.sparc.rpm
    11c046097bfb8c3fa62635aa531edfeb
 
Red Hat Linux 7.0

i386:
ftp://updates.redhat.com/7.0/i386/iputils-20001010-1.i386.rpm
    1973d87e9f0b685991ab4ffba1a7d257
 

Bugs fixed (see Bugzilla for more information)

16677 - "ping -c 1 -s 65690 localhost" segfaults


Keywords

overflows


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/