COMMAND

    ping

SYSTEMS AFFECTED

    RedHat 6.2...7.0(J)

PROBLEM

    Following is based on Advisory RHSA-2000:087-02 by RedHat.
    Several problems in ping are fixed:

        1) Root privileges are dropped after acquiring a raw socket.
        2) An 8 byte overflow of a static buffer "outpack" is prevented.
        3) An overflow of a static buffer "buf" is prevented.

    A non-exploitable root only segfault is fixed as well.
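
    Fix 1 as a pattern, in an added example that is not the iputils
    source: open the raw socket while still privileged, then give up
    root permanently and verify it. The function names are hypothetical.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Permanently give up set-uid/set-gid privileges.
 * Returns 0 only if the effective ids now equal the real ids. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: after the uid is dropped this may no longer be allowed. */
    if (setgid(rgid) != 0)
        return -1;
    /* With effective uid 0 this sets the real, effective and saved uid. */
    if (setuid(ruid) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An unprivileged caller must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: returns the raw ICMP socket, -1 if the process was
 * not allowed to open one, or -2 if privileges could not be dropped. */
int open_icmp_socket_then_drop(void)
{
    /* The only step that needs root; do it before parsing any input. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

    if (drop_privileges() != 0) {
        if (fd >= 0)
            close(fd);
        return -2;          /* refuse to continue while still privileged */
    }
    return fd;
}

int main(void)
{
    int fd = open_icmp_socket_then_drop();
    printf("socket fd=%d, euid=%d\n", fd, (int)geteuid());
    return fd == -2;
}
```

    Everything after the helper returns, including option and packet
    handling that touches buffers such as "outpack" and "buf", runs
    without root.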

SOLUTION

    RPMs required:

        ftp://updates.redhat.com/6.2/alpha/iputils-20001010-1.6x.alpha.rpm
        ftp://updates.redhat.com/6.2/sparc/iputils-20001010-1.6x.sparc.rpm
        ftp://updates.redhat.com/6.2/i386/iputils-20001010-1.6x.i386.rpm
        ftp://updates.redhat.com/6.2/SRPMS/iputils-20001010-1.6x.src.rpm
        ftp://updates.redhat.com/7.0/i386/iputils-20001010-1.i386.rpm
        ftp://updates.redhat.com/7.0/SRPMS/iputils-20001010-1.src.rpm

    Update for Immunix OS 6.2 (StackGuarded versions of the RedHat
    packages) can be found at:

        http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/iputils-20001010-1.6x_StackGuard.i386.rpm
        http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/iputils-20001010-1.6x_StackGuard.src.rpm