An integer overflow was found in iputils/ping_common.c main_loop() function which could lead to excessive CPU usage when triggered (could lead to DoS). This means that both ping and ping6 are vulnerable. Affected versions: Tested on Fedora/Debian/Gentoo Linux system (2.6.x x86_32 and x86_64) on iputils version 20101006. ping6 seems also to be affected since it's relying on same ping_common.c functions. Since iputils is not maintained any longer (http://www.spinics.net/lists/netdev/msg191346.html), patch must be applied from source. Proposed Patch: Quick'n dirty patch (full patch in appendix) is to cast test result as long long: {{{ 593 if (((long long)1000*next) <= (long long)1000000/(int)HZ) { }}} per: * Christophe Alladoum (HSC) * Romain Coltel (HSC)
upstream fixed this in 70e20add49fad5e99b8727cd69addf2d91fa64f6 it's included in iputils-20121221 which is now in the tree
(In reply to comment #1) > upstream fixed this in 70e20add49fad5e99b8727cd69addf2d91fa64f6 > > it's included in iputils-20121221 which is now in the tree Thank you. Arches, please test and mark stable.
Arch teams, please test and mark stable: =net-misc/iputils-20121221 Stable KEYWORDS : alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
amd64 stable
arm stable
Stable for HPPA.
ia64 stable
x86 stable
ppc64 stable
ppc stable
sparc stable
sh stable
s390 stable
alpha stable
Added to existing draft.
m68k -> ~ only, removing from CC. @maintainers: cleanup please.
Maintainer(s), please drop the vulnerable version so we can proceed with closing this bug cleanup has been around since 2013-09-22
Maintainer timeout, cleanup done.
No GLSA draft or request exists for this as previously mentioned. Unable to locate a previously released GLSA regarding this vulnerability.
GLSA Request: d4c1202de
Vulnerable versions purged from tree almost 2 years ago. No CVE was released due to upstream not maintaining this package anymore.
