Bug 19470

Summary: ping buffer problems: netkit-base shares iputils code base
Product: [Retired] Red Hat Linux Reporter: Pekka Savola <pekkas>
Component: netkit-baseAssignee: Jeff Johnson <jbj>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 6.0CC: chris, dr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-10-21 15:30:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pekka Savola 2000-10-20 17:07:12 UTC
A. Kuznetsov's iputils is based on netkit-base.  A quick glance at netkit-base source
would seem to indicate that static buffer problems (and naturally root dropping) are
still there in netkit-base.

Perhaps there should be an errata release which would tell people to move to inetd + iputils?

IF this is done, this would be a good place to fix the close-wait DoS issue if daytime server
is being used (#16729) -- a patch is available.

Comment 1 Chris Evans 2000-10-21 15:30:54 UTC
Hmm - I believe RedHat6.0 shipped with a patch closing the static buffer
overflow issue.
It is called "ping-overflow.patch".

In summary: I think RH6.0 ping is safe as shipped.