Bug 18611
Summary: | Unfortunate regression in "ping" security | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
Component: | iputils | Assignee: | Crutcher Dunnavant <crutcher> |
Status: | CLOSED ERRATA | QA Contact: | Aaron Brown <abrown> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | dr, notting, pbrown |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-10-10 19:12:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Evans
2000-10-07 17:16:14 UTC
Update! Update! Read all about it.. Turns out many of these issues are already fixed in the recently released: iputils-ss000928.tar.gz (RH7.0 is based off iputils-ss000418.tar.gz which to be fair was the most recent at freeze time!) The most recent iputils still has a couple of minor overflows, though (although they will of course yield a raw socket to an attacker rather than full blown access!) Patches to most recent iputils to appear.. An update.. a new upstream iputils package with all known ping security bugs will probably be out soon. I'll update this bug with its location when it's out. New version of iputils with all known ping security bugs fixed: ftp://ftp.inr.ac.ru/ip-routing/iputils-ss001010.tar.gz Your call as to whether to do an update or not guys. I don't think any of the bugs can lead to root compromise. However this is only due to luck. It all depends on how the compiler lays out the static variables in the BSS. There are a few statics that, if overwritten, could easily lead to a compromise. In the current x86 binary, I believe things are safe.. but.. :-) I'd be tempted to do an update. Better safe than sorry? Fixed in iputils-20001010-1. Making this readable by everyone, as it is referenced in our errata advisory. |