Title: RedHat Linux ping Buffer Overflow Vulnerability
Severity: MODERATE
Description:
ping is a network diagnostic tool shipped with almost every operating system. On unix/linux systems it is usually installed setuid root because it needs to open a raw socket (to send and recieve ICMP messages). The version of ping that ships with RedHat Linux (and quite possibly, though uncomfirmed, others) is vulnerable to a buffer overflow attack. The exact techincal details are not known at this time. It is reported that the overflow involves a static variable, 'buf', though it has not verified whether this this exploitable or not. It is likely that this is non-exploitable.
Affected Products:
- RedHat Linux 6.2.0
- RedHat Linux 6.2.0 alpha
- RedHat Linux 6.2.0 i386
- RedHat Linux 6.2.0 sparc
- RedHat Linux 7.0.0
- RedHat iputils-20000121-2.i386.rpm
- RedHat iputils-20000418-6.i386.rpm
- WireX Immunix OS 6.2.0
References:
- RedHat: Updates, Fixes, and Errata Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
