Sun Solaris ping(1M) utility contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered when an unspecified buffer overflow condition occurs and may lead to a loss of integrity.
Classification
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
Solution
This issue is addressed in the following releases:
SPARC Platform
Solaris 7 with patch 118313-01 or later Solaris 8 with patch 116986-02 or later Solaris 9 with patch 116774-03 or later
x86 Platform
Solaris 7 with patch 118314-01 or later Solaris 8 with patch 116987-02 or later Solaris 9 with patch 116775-03 or later
It is also possible to correct the flaw by implementing the following workaround(s): 1. Remove the "set-user-ID" bit from the ping(1M) utility will prevent unprivileged users from using the ping(1M) command
2. Enable non-executable program stacks will prevent buffer overflow condition occurs.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
