COMMAND

    net-tools

SYSTEMS AFFECTED

    RH 6.0

PROBLEM

    The following is based on a Red Hat Security Advisory. Several
    potential buffer overruns have been found and corrected within
    the net-tools package. It is believed that the Red Hat advisory
    was based on David Wagner's report. There are a number of buffer
    overruns. To see an example of one, try grepping for strcpy in
    lib/inet.c; if you see something like

        strcpy(name, hp->h_name);

    you might have the vulnerable version; if you see lots of
    safe_strncpy() calls, you probably have the safe version. These
    buffer overruns were found with the help of an automated code
    auditing tool which was developed in collaboration with Jeff
    Foster, Eric Brewer, and Alex Aiken (at Berkeley).
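
    The fix pattern described above, as an added example (not the
    net-tools source and not part of the advisory): a bounded
    replacement for strcpy(name, hp->h_name) that always
    NUL-terminates and reports truncation. NAME_LEN, copy_name() and
    host_to_name() are hypothetical names, and the struct hostent is
    a constructed sample.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32  /* assumed size of the caller's fixed buffer */

/* Bounded copy in the spirit of a safe_strncpy()-style helper (illustrative,
 * not the net-tools source): always NUL-terminates and reports truncation. */
static int copy_name(char *dst, size_t size, const char *src)
{
    size_t n;

    if (size == 0)
        return -1;              /* no room even for the terminator */
    n = strlen(src);
    if (n >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return 1;               /* source did not fit: truncated */
    }
    memcpy(dst, src, n + 1);    /* fits, terminator included */
    return 0;
}

/* Bounded replacement for the pattern  strcpy(name, hp->h_name);  */
static int host_to_name(char *name, size_t size, const struct hostent *hp)
{
    if (hp == NULL || hp->h_name == NULL)
        return -1;
    return copy_name(name, size, hp->h_name);
}

int main(void)
{
    /* Constructed sample: a resolver answer longer than the buffer. */
    char long_name[200];
    char name[NAME_LEN];
    struct hostent he;

    memset(long_name, 'a', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';
    memset(&he, 0, sizeof(he));
    he.h_name = long_name;

    printf("rc=%d len=%zu\n", host_to_name(name, sizeof(name), &he), strlen(name));
    return 0;
}
```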

SOLUTION

    Intel: ftp://updates.redhat.com/6.0/i386

        net-tools-1.52-2.i386.rpm

    Alpha: ftp://updates.redhat.com/6.0/alpha

        net-tools-1.52-2.alpha.rpm

    Sparc: ftp://updates.redhat.com/6.0/sparc

        net-tools-1.52-2.sparc.rpm