Bugtraq mailing list archives
Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
From: Tim Robbins <fyre () BOX3N GUMBYNET ORG>
Date: Sat, 21 Oct 2000 11:44:01 +1100
On Sat, 21 Oct 2000, Vanja Hrustic wrote: *snip*
[root@prod bin]# ping -c 1 -s 65690 localhost
WARNING: packet size 65690 is too large. Maximum is 65507
Segmentation fault (core dumped)
[root@prod bin]#
The code responsible for this, from iputils-current (snapshot):

    if (datalen > 0xFFFF - 8 - optlen - 20) {
        if (uid) {
            fprintf(stderr, "Error: packet size %d is too large. Maximum is %d\n",
                    datalen, 0xFFFF-8-20-optlen);
            exit(2);
        }
        fprintf(stderr, "WARNING: packet size %d is too large. Maximum is %d\n",
                datalen, 0xFFFF-8-20-optlen);
    }

Excuse the bad formatting.

I'm not sure why ping allows the superuser to specify packet sizes larger than allowed by IP; in my opinion this is a bug. As far as I can tell, a large value for `datalen' causes outpack[] to overflow. This is not a security problem, simply a programming error. I suggest removing the "if (uid)" check and exiting regardless of the uid.

Tim
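
Added example, not part of the message above and not iputils code: the quoted check beside the change the message suggests, plus a bounded payload fill, run over the size from the quoted session. The function names and the 0x10000-byte outpack[] capacity are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ICMP_HDR_LEN 8        /* ICMP echo header */
#define IP_HDR_LEN   20       /* IPv4 header without options */
#define OUTPACK_SIZE 0x10000  /* assumed buffer capacity, not taken from the page */

static unsigned char outpack[OUTPACK_SIZE];

/* Largest payload that fits one IPv4 datagram: 0xFFFF - 8 - 20 - optlen. */
static int max_datalen(int optlen)
{
    return 0xFFFF - ICMP_HDR_LEN - IP_HDR_LEN - optlen;
}

/* Check as quoted: uid 0 is only warned. Returns 0 to continue, 2 to exit. */
static int check_quoted(int datalen, int optlen, int uid)
{
    if (datalen > max_datalen(optlen))
        return uid ? 2 : 0;
    return 0;
}

/* Check as suggested in the message: exit regardless of the uid. */
static int check_suggested(int datalen, int optlen)
{
    return datalen > max_datalen(optlen) ? 2 : 0;
}

/* Fill the payload only if header + data fit; returns bytes built, or -1. */
static int build_payload(int datalen)
{
    if (datalen < 0 || (size_t)datalen > sizeof(outpack) - ICMP_HDR_LEN)
        return -1;
    memset(outpack + ICMP_HDR_LEN, 0xA5, (size_t)datalen);
    return ICMP_HDR_LEN + datalen;
}

int main(void)
{
    int sizes[] = { 56, 65507, 65508, 65690 };  /* constructed sample sizes */
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("datalen=%d quoted(root)=%d suggested=%d build=%d\n",
               sizes[i], check_quoted(sizes[i], 0, 0),
               check_suggested(sizes[i], 0), build_payload(sizes[i]));
    return 0;
}
```

With no IP options the limit is 65507, matching the warning in the quoted session; the quoted check lets uid 0 continue at 65690, while the suggested check and the bounded fill both stop it.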