Info

Disclosure

Feb 23, 1999

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in OpenBSD. The ping command fails to handle oversized ICMP packets resulting in a buffer overflow. With a specially crafted request, an attacker could cause unauthorized access resulting in a loss of confidentiality and/or integrity. No further details have been provided.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Products

OpenBSD

2.4

References

ISS X-Force ID: 1828
CVE ID: 1999-0484 (see also: NVD)
Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ping.patch
Vendor Specific Advisory URL: http://www.openbsd.com/errata24.html#ping

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/6130