Title: Vulnerability in the dip program
Released by: CERT
Date: 9th July 1996
=============================================================================

CERT(*) Advisory CA-96.13
Original issue date: July 9, 1996
Last Revised: September 24, 1997
              Updated copyright statement

              A complete revision history is at the end of this file.

Topic: Vulnerability in the dip program

-----------------------------------------------------------------------------

The CERT Coordination Center has received several reports of exploitations of
a vulnerability in the dip program on Linux systems. The dip program is
shipped with most versions of the Linux system, and versions up to and
including version 3.3.7n are vulnerable. An exploitation script for Linux
running on X86-based hardware is publicly available. Although exploitation
scripts for other architectures and operating systems have not yet been found,
we believe that they could be easily developed.

The CERT Coordination Center recommends that you disable dip and re-enable it
only after you have installed a new version. Section III below describes how
to do that.

We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.

-----------------------------------------------------------------------------

I.   Description

     dip is a freely available program that is included in most distributions
     of Linux. It is possible to build it for and use it on other UNIX systems.

     The dip program manages the connections needed for dial-up links such
     as SLIP and PPP. It can handle both incoming and outgoing connections.
     To gain access to resources it needs to establish these IP connections,
     the dip program must be installed as set-user-id root.

     A vulnerability in dip makes it possible to overflow an internal buffer
     whose value is under the control of the user of the dip program. If this
     buffer is overflowed with the appropriate data, a program such as a
     shell can be started. This program then runs with root permissions on the
     local machine.

     Exploitation scripts for dip have been found running on Linux systems for
     X86 hardware. Although exploitation scripts for other architectures
     and operating systems have not yet been found, we believe that they could
     be easily developed.

II.  Impact

     On a system that has dip installed as set-user-id root, anyone with
     access to an account on that system can gain root access.

III. Solution

     Follow the steps in Section A to disable your currently installed version
     of dip. Then, if you need the functionality that dip provides, follow the
     steps given in Section B.

     A.  Disable the presently installed version of dip.
         As root,
                chmod 0755 /usr/sbin/dip

         By default, dip is installed in the /usr/sbin directory. Note that it
         may be installed elsewhere on your system.

     B.  Install a new version of dip.
         If you need the functionality that dip provides, retrieve and install
         the following version of the source code for dip, which fixes this
         vulnerability. dip is available from

http://sunsite.unc.edu/pub/Linux/system/Network/serial/dip/dip337o-uri.tgz
http://sunsite.unc.edu/pub/Linux/system/Network/serial/dip/dip337o-uri.tgz.sig

         MD5   (dip337o-uri.tgz) = 45fc2a9abbcb3892648933cadf7ba090
         SHash (dip337o-uri.tgz) = 6e3848b9b5f9d5b308bbac104eaf858be4dc51dc





---------------------------------------------------------------------------
The CERT Coordination Center staff thanks Uri Blumenthal for his solution to
the problem and Linux for their support in the development of this advisory.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key
         http://info.cert.org/pub/CERT_PGP.key

CERT Contact Information
------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890
        USA

CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from
        http://www.cert.org/
        http://info.cert.org/pub/

CERT advisories and bulletins are also posted on the USENET newsgroup
        comp.security.announce

To be added to our mailing list for CERT advisories and bulletins, send your
email address to
        cert-advisory-request@cert.org

------------------------------------------------------------------------------

Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

This file: http://info.cert.org/pub/cert_advisories/CA-96.13.dip_vul
           http://www.cert.org
               click on "CERT Advisories"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history

Sep. 24, 1997  Updated copyright statement
Aug. 30, 1996  Removed references to CA-96.13.README.
