|
 |
CERT® Advisory CA-1996-13 Vulnerability in the dip programOriginal issue date: July 9, 1996Last revised: September 24, 1997 Updated copyright statement A complete revision history is at the end of this file. The CERT Coordination Center has received several reports of exploitations of a vulnerability in the dip program on Linux systems. The dip program is shipped with most versions of the Linux system; and versions up to and including version 3.3.7n are vulnerable. An exploitation script for Linux running on X86-based hardware is publicly available. Although exploitation scripts for other architectures and operating systems have not yet been found, we believe that they could be easily developed. The CERT Coordination Center recommends that you disable dip and re-enable it only after you have installed a new version. Section III below describes how to do that. We will update this advisory as we receive additional information. Please check advisory files regularly for updates that relate to your site. I. Descriptiondip is a freely available program that is included in most distributions of Linux. It is possible to build it for and use it on other UNIX systems.The dip program manages the connections needed for dial-up links such as SLIP and PPP. It can handle both incoming and outgoing connections. To gain access to resources it needs to establish these IP connections, the dip program must be installed as set-user-id root. A vulnerability in dip makes it possible to overflow an internal buffer whose value is under the control of the user of the dip program. If this buffer is overflowed with the appropriate data, a program such as a shell can be started. This program then runs with root permissions on the local machine. Exploitation scripts for dip have been found running on Linux systems for X86 hardware. Although exploitation scripts for other architectures and operating systems have not yet been found, we believe that they could be easily developed. II. ImpactOn a system that has dip installed as set-user-id root, anyone with access to an account on that system can gain root access.III. SolutionFollow the steps in Section A to disable your currently installed version of dip. Then, if you need the functionality that dip provides, follow the steps given in Section B.A. Disable the presently installed version of dip.As root,
B. Install a new version of dip.If you need the functionality that dip provides, retrieve and install the following version of the source code for dip, which fixes this vulnerability. dip is available fromftp://sunsite.unc.edu/pub/Linux/system/Network/serial/dip/dip337o-uri.tgz
The CERT Coordination Center staff thanks Uri Blumenthal for his solution to the problem and Linux for their support in the development of this advisory. This document is available from: http://www.cert.org/advisories/CA-1996-13.html CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends. Using encryptionWe strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from If you prefer to use DES, please call the CERT hotline for more information. Getting security informationCERT publications and other security information are available from our web site
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
NO WARRANTY Conditions for use, disclaimers, and sponsorship information
Copyright 1996 Carnegie Mellon University. Revision History Sep. 24, 1997 Updated copyright statement Aug. 30, 1996 Removed references to CA-96.13.README. |
