Bug 613819 - (CVE-2010-2529) CVE-2010-2529 iputils: denial of service vulnerability in ping
CVE-2010-2529 iputils: denial of service vulnerability in ping
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 617612 617613
  Show dependency treegraph
Reported: 2010-07-12 17:22 EDT by Vincent Danen
Modified: 2015-08-19 04:50 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-03-02 14:21:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
proposed patch to fix the issue (520 bytes, patch)
2010-07-12 17:26 EDT, Vincent Danen
no flags Details | Diff

  None (edit)
Description Vincent Danen 2010-07-12 17:22:14 EDT
Ovidiu Mara discovered a flaw in ping (part of iputils).  If a user were to ping a malicious system able to send back a crafted echo reply packet, ping would hang and consume 100% CPU, which could have adverse effect on the usability of the local system.
Comment 2 Vincent Danen 2010-07-12 17:26:05 EDT
Created attachment 431280 [details]
proposed patch to fix the issue

Proposed patch to fix the issue provided by Mandriva.
Comment 10 Vincent Danen 2010-07-15 17:58:14 EDT
This issue has been assigned the name CVE-2010-2529.
Comment 12 Vincent Danen 2010-07-23 10:35:35 EDT
This issue is now public:

Comment 14 Vincent Danen 2010-07-23 10:42:42 EDT
Created iputils tracking bugs for this issue

Affects: fedora-all [bug 617613]
Comment 15 Vincent Danen 2010-07-23 11:35:41 EDT

Comment 16 Fedora Update System 2010-08-10 17:31:49 EDT
iputils-20071127-12.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.