Subject: Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
From: antirez (antirezLINUXCARE.COM)
Date: Thu Oct 19 2000 - 04:27:09 CDT


On Wed, Oct 18, 2000 at 12:03:00PM -0400, bugzillaREDHAT.COM wrote:
> 3. Problem description:
>
> Several problems in ping are fixed:
>
> 1) Root privileges are dropped after acquiring a raw socket.
> 2) An 8 byte overflow of a static buffer "outpack" is prevented.
> 3) An overflow of a static buffer "buf" is prevented.
>
> A non-exploitable root only segfault is fixed as well.

Did you also fix the SIGALRM bombing bug?
It allows unprivileged users to send
packets as fast as possible.

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.80 43 411 tel, +39.049.80 43 412 fax
antirezlinuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.