Bug 332527 (CVE-2010-2529) - <net-misc/iputils-20100418: Denial of Service Vulnerability in ping (CVE-2010-2529)
Status: RESOLVED FIXED
Alias: CVE-2010-2529
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Reported: 2010-08-12 19:23 UTC by Tim Sammut (RETIRED)
Modified: 2014-12-12 00:34 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-08-12 19:23:37 UTC
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045280.html

The weakness is caused due to an error within the "ping" utility when processing certain echo reply packets. This can be exploited to e.g. cause a high CPU usage by tricking a user into pinging a malicious server.

Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=613819
Comment 1 SpanKY gentoo-dev 2010-08-14 05:41:52 UTC
added the patch with iputils-20100418
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-08-28 20:59:50 UTC
Arches, please test and mark stable:
=net-misc/iputils-20100418
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-08-28 23:30:51 UTC
x86 stable
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-08-29 07:56:55 UTC
amd64 done
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-08-30 11:57:23 UTC
Stable for HPPA PPC.
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-03 21:49:32 UTC
CVE-2010-2529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2529):
  Unspecified vulnerability in ping.c in iputils 20020927, 20070202,
  20071127, and 20100214 on Mandriva Linux allows remote attackers to
  cause a denial of service (hang) via a crafted echo response.

Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2010-09-04 18:17:00 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-09-06 20:11:32 UTC
ppc64 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-10-01 04:16:45 UTC
GLSA request filed.
Comment 10 David Heidelberg (okias) 2014-03-08 22:24:06 UTC
close, not in portage anymore.
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:34:49 UTC
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).