Note: This is an archival copy of Security Sun Alert 228423 as previously published on
Latest version of this security advisory is available from as Sun Alert 1017359.1.
Article ID : 1017359.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-11-02
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in ping(1M)


Release Phase

Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id

Date of Resolved Release


There is a potential buffer overflow in ping(1M) which could result in a local unprivileged user gaining elevated privileges.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 118313-01
  • Solaris 8 without patch 116986-02
  • Solaris 9 without patch 116774-03

x86 Platform

  • Solaris 7 without patch 118314-01
  • Solaris 8 without patch 116987-02
  • Solaris 9 without patch 116775-03


There are no predictable symptoms that would show the described issue has been exploited.


To reduce the chances of the described issue from occurring, apply one of the following workarounds:

1. Remove the "set-user-ID" bit from the ping(1M) binary by issuing the following command:

    # chmod u-s /usr/sbin/ping

Note: Removing the "set-user-ID" bit from the ping(1M) utility will prevent unprivileged users from using the ping(1M) command.

2. Enable non-executable program stacks by adding the following lines to the "/etc/system" file and reboot the system:

    set noexec_user_stack = 1
set noexec_user_stack_log = 1

The above tunable parameters are described in the Solaris Tunable Parameters Reference Manual at:

Note: Although enabling non-executable user stacks makes the likelihood of a successful exploit much smaller, it does not provide 100 percent against exploitation of this vulnerability.

This workaround is only effective on sun4u, sun4m, and sun4d architectures (enter "uname -m" to display a systems architecture). This workaround will not work on x86 platforms.


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 118313-01 or later
  • Solaris 8 with patch 116986-02 or later
  • Solaris 9 with patch 116774-03 or later

x86 Platform

  • Solaris 7 with patch 118314-01 or later
  • Solaris 8 with patch 116987-02 or later
  • Solaris 9 with patch 116775-03 or later

Modification History



This solution has no attachment