bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unchecked setuid in Ping


From: Jayakrishna Vadayath
Subject: Unchecked setuid in Ping
Date: Tue, 2 Jun 2020 22:15:05 -0700

Dear Maintainer,

As a part of an academic project, we have discovered situations 
inside the ping6 and ping binaries where the setuid function is 
invoked to drop privileges, however the program does not check 
if setuid has correctly dropped the privileges.

This can lead to a situation where the program might execute
code with the privileges of a higher privileged user rather than
as a lower privileged user.

The vulnerabilities lie in main @ ping/ping6.c : 255 and
main @ ping/ping.c : 296.

The documentation of setuid states
"Note:  there  are cases where setuid() can fail even when the 
caller is UID 0; it is a grave security error to omit checking for a 
failure return from setuid()."

Therefore, we feel that this is a vulnerability that must be patched.

We have attached a patch file that fixes these two occurrences.
Please fix these issues as soon as possible.

--
Regards
Jayakrishna Menon

Attachment: 0001-patching-unchecked-setuid-in-ping.c-and-ping6.c.patch
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]