====[ Description ]==== An integer overflow was found in iputils/ping_common.c main_loop() function which could lead to excessive CPU usage when triggered (could lead to DoS). This means that both ping and ping6 are vulnerable. ====[ Proof-Of-Concept ]==== Specify "big" interval (-i option) for ping/ping6 tool: {{{ $ ping -i 3600 google.com PING google.com (173.194.66.102) 56(84) bytes of data. 64 bytes from we-in-f102.1e100.net (173.194.66.102): icmp_req=1 ttl=50 time=11.4 ms [...] }}} And check your CPU usage (top, htop, etc.) ====[ Explanation ]==== Here, ping will loop in main_loop() loop in this section of code : {{{ /* from iputils-s20101006 source */ /* ping_common.c */ 546 void main_loop(int icmp_sock, __u8 *packet, int packlen) 547 { [...] 559 for (;;) { [...] 572 do { 573 next = pinger(); 574 next = schedule_exit(next); 575 } while (next <= 0); [...] 588 if ((options & (F_ADAPTIVE|F_FLOOD_POLL)) || next Hervé Schauer Consultants - _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/