[Full-disclosure] [iputils] Integer overflow in iputils ping/ping6 tools

[Frankie Cutlass]

Incorrect. Ping is setuid root but it drops privs before reaching this
code path. Even if you could exploit that for root (you cant) all you
would end up with is a shell as your uid and a raw socket..


>Fork bombs do not run privileged, but /bin/ping is setuid root.
>
>Cheers, Paul
>
>Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
>School of Mathematics and Statistics   University of Sydney    Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20120314/1da2e60d/attachment.html