OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: About: [BUGTRAQ] [RHSA-2000:087-02] Potential security problems in pingfixed.
From: Jason Bradley Nance (jbnanceTRESGEEK.NET)
Date: Sat Oct 21 2000 - 08:55:11 CDT

> I think you must have been using RedHat version 6.1 or below.
> Take note that the problem is for people who is using Redhat 6.2
> and RedHat 7.0.

I think the problem effects 6.1 as well. Check this out:

[rootcartman bin]# rpm -qf /bin/ping
netkit-base-0.10-37
[rootcartman bin]# cat /etc/redhat-release
Red Hat Linux release 6.1 (Cartman)
[rootcartman bin]#

[rootzoot bin]# rpm -qf /bin/ping
iputils-20001010-1.6x
[rootzoot bin]# cat /etc/redhat-release
Red Hat Linux release 6.2 (Zoot)
[rootzoot bin]#

Ping is not the part of the same package in these 2 releases.
You might be able to --force it, but who knows what that might break.

Now check this out.
RH 6.1:

[rootcartman bin]# ping -c 1 -s 65690 localhost
WARNING: packet size 65690 is too large. Maximum is 65507
Segmentation fault (core dumped)
[rootcartman bin]#