Potential security problems in ping fixed.
| Advisory: | RHSA-2000:087-02 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2000-10-18 |
| Last updated on: | 2000-10-18 |
| Affected Products: | Red Hat Linux 6.2, Red Hat Linux 7.0 |
| CVEs (cve.mitre.org): | CVE-2000-1213, CVE-2000-1214 |
Details
Several problems in ping are fixed:
1) Root privileges are dropped after acquiring a raw socket.
2) An 8-byte overflow of a static buffer "outpack" is prevented.
3) An overflow of a static buffer "buf" is prevented.
A non-exploitable, root-only segfault is fixed as well.
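The length check behind item 2, as an added example that is not taken from the iputils source: it assumes the 8 bytes are the ICMP header stored in front of the payload in the static send buffer. `OUTPACK_SIZE` and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ICMP_HDR_LEN 8       /* size of an ICMP echo header */
#define OUTPACK_SIZE 4096    /* constructed size, not ping's real value */

static unsigned char outpack[OUTPACK_SIZE];   /* static send buffer */

/* Assumed pre-fix check: compares the payload alone against the buffer
 * and forgets the header that is written in front of it. */
int datalen_ok_legacy(long datalen)
{
    return datalen >= 0 && datalen <= OUTPACK_SIZE;
}

/* Hardened check: header plus payload must fit in the buffer. */
int datalen_ok_fixed(long datalen)
{
    return datalen >= 0 && datalen <= OUTPACK_SIZE - ICMP_HDR_LEN;
}

/* Bytes a packet with this payload size would write past outpack. */
long overrun_bytes(long datalen)
{
    long total = ICMP_HDR_LEN + datalen;
    return total > OUTPACK_SIZE ? total - OUTPACK_SIZE : 0;
}

/* Build an echo request only if it fits; returns total length or -1. */
long build_packet(const unsigned char *payload, long datalen)
{
    if (!datalen_ok_fixed(datalen))
        return -1;
    memset(outpack, 0, ICMP_HDR_LEN);
    outpack[0] = 8;                           /* ICMP echo request type */
    memcpy(outpack + ICMP_HDR_LEN, payload, (size_t)datalen);
    return ICMP_HDR_LEN + datalen;
}

int main(void)
{
    long n = OUTPACK_SIZE;                    /* largest size the legacy check accepts */
    printf("legacy=%d fixed=%d overrun=%ld\n",
           datalen_ok_legacy(n), datalen_ok_fixed(n), overrun_bytes(n));
    return 0;
}
```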
Solution
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Product | Architecture | Package | MD5 |
|---|---|---|---|
| Red Hat Linux 6.2 | SRPMS | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1.6x/SRPMS/iputils-20001010-1.6x.src.rpm | e4b1ca9fbebe4dfa6e37eba5a48d307f |
| Red Hat Linux 6.2 | Alpha | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1.6x/alpha/iputils-20001010-1.6x.alpha.rpm | 6904ba7f8502fb009002cd96645f0539 |
| Red Hat Linux 6.2 | IA-32 | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1.6x/i386/iputils-20001010-1.6x.i386.rpm | ce5de156e02e5e8e010a344e8c0cdc34 |
| Red Hat Linux 6.2 | Sparc | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1.6x/sparc/iputils-20001010-1.6x.sparc.rpm | 11c046097bfb8c3fa62635aa531edfeb |
| Red Hat Linux 7.0 | SRPMS | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1/SRPMS/iputils-20001010-1.src.rpm | 7bb083f0624eafd1a3f2038ff740789a |
| Red Hat Linux 7.0 | IA-32 | ftp://updates.redhat.com/rhn/repository/NULL/iputils/20001010-1/i386/iputils-20001010-1.i386.rpm | 1973d87e9f0b685991ab4ffba1a7d257 |
Bugs fixed (see bugzilla for more information)
16677 - "ping -c 1 -s 65690 localhost" segfaults
References
https://www.redhat.com/security/data/cve/CVE-2000-1213.html
https://www.redhat.com/security/data/cve/CVE-2000-1214.html
Keywords
overflows
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/