Dear Maintainer,
As part of an academic project, we have discovered situations
inside the ping6 and ping binaries where the setuid function is
invoked to drop privileges; however, the program does not check
whether setuid has correctly dropped the privileges.
This can lead to a situation where the program might execute
code with the privileges of a higher privileged user rather than
as a lower privileged user.
The vulnerabilities lie in main @ ping/ping6.c : 255 and
main @ ping/ping.c : 296.
The documentation of setuid states:
"Note: there are cases where setuid() can fail even when the
caller is UID 0; it is a grave security error to omit checking for a
failure return from setuid()."
Therefore, we feel that this is a vulnerability that must be patched.
We have attached a patch file that fixes these two occurrences.
Please fix these issues as soon as possible.
--
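
The unchecked call described in the report, next to a checked form, as an added example that is not part of the original report or its attached patch. The helper name `drop_privileges`, the injectable `setuid_fn` parameter and the two fake functions are hypothetical, and the example assumes the program drops to the invoking user's real UID.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not taken from ping.c: the setuid implementation is
 * passed in so the failure path can be exercised without real privileges. */
typedef int (*setuid_fn)(uid_t);

/* Returns 0 only if the call succeeded AND the process now runs as target. */
int drop_privileges(uid_t target, setuid_fn do_setuid)
{
    /* The pattern the report describes is a bare "setuid(uid);" whose
     * return value is ignored. Here a failure is reported to the caller. */
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n",
                (unsigned long)target, strerror(errno));
        return -1;
    }
    /* Defence in depth: confirm both real and effective UID match. */
    if (getuid() != target || geteuid() != target) {
        fprintf(stderr, "setuid reported success but UID did not change\n");
        return -1;
    }
    return 0;
}

/* Constructed stand-ins. EAGAIN is the errno setuid(2) documents for a
 * resource-limit or temporary allocation failure, which can hit UID 0 too. */
int fake_setuid_eagain(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }
int fake_setuid_noop(uid_t uid)   { (void)uid; return 0; }

int main(void)
{
    /* Assumed usage: a setuid-root binary drops to the caller's real UID. */
    if (drop_privileges(getuid(), setuid) != 0)
        exit(EXIT_FAILURE); /* never continue with elevated privileges */
    puts("privileges dropped");
    return 0;
}
```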