Vulnerability Name:

CVE-2000-1213 (CCN-11090)

Assigned:2000-10-18
Published:2000-10-18
Updated:2016-10-18
Summary:ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: BUGTRAQ
Type: UNKNOWN
20001030 Trustix Security Advisory - ping gnupg ypbind

Source: MITRE
Type: CNA
CVE-2000-1213

Source: BUGTRAQ
Type: UNKNOWN
20001025 Immunix OS Security Update for ping package

Source: CCN
Type: BugTraq Mailing List, 2000-10-25 8:29:17
Immunix OS Security Update for ping package

Source: CCN
Type: BugTraq Mailing List, 2000-10-30 14:43:28
Trustix Security Advisory - ping gnupg ypbind

Source: CCN
Type: RHSA-2000-087
Potential security problems in ping fixed.

Source: CCN
Type: OSVDB ID: 13789
iputils ping Raw Socket Acquisition Privilege Drop Failure

Source: REDHAT
Type: Vendor Advisory
RHSA-2000:087

Source: XF
Type: UNKNOWN
iputils-ping-privileges(11090)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:immunix:immunix:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:iputils:iputils:*:*:*:*:*:*:*:* (Version <= 2000-10-10)

    • Configuration 2:
  • cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:i386:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    immunix immunix 6.2
    iputils iputils *
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 7.0
    redhat linux 6.2
    trustix secure linux 1.1
    redhat linux 7
    trustix secure linux 1.0