
Title: Vulnerability in the dip program
Released by: CERT
Date: 9th July 1996

CERT(*) Advisory CA-96.13
Original issue date: July 9, 1996
Last Revised: September 24, 1997
              Updated copyright statement

              A complete revision history is at the end of this file.

Topic: Vulnerability in the dip program
-----------------------------------------------------------------------------

The CERT Coordination Center has received several reports of exploitations of
a vulnerability in the dip program on Linux systems. The dip program is
shipped with most versions of the Linux system; and versions up to and
including version 3.3.7n are vulnerable. An exploitation script for Linux
running on X86-based hardware is publicly available. Although exploitation
scripts for other architectures and operating systems have not yet been found,
we believe that they could be easily developed.

The CERT Coordination Center recommends that you disable dip and re-enable it
only after you have installed a new version. Section III below describes how
to do that.

We will update this advisory as we receive additional information.
Please check advisory files regularly for updates that relate to your site.

-----------------------------------------------------------------------------

I.   Description

     dip is a freely available program that is included in most distributions
     of Linux. It is possible to build it for and use it on other UNIX systems.

     The dip program manages the connections needed for dial-up links such
     as SLIP and PPP. It can handle both incoming and outgoing connections.
     To gain access to resources it needs to establish these IP connections,
     the dip program must be installed as set-user-id root.

     A vulnerability in dip makes it possible to overflow an internal buffer
     whose value is under the control of the user of the dip program. If this
     buffer is overflowed with the appropriate data, a program such as a
     shell can be started. This program then runs with root permissions on the
     local machine.

     Exploitation scripts for dip have been found running on Linux systems for
     X86 hardware. Although exploitation scripts for other architectures
     and operating systems have not yet been found, we believe that they could
     be easily developed.

II.  Impact

     On a system that has dip installed as set-user-id root, anyone with
     access to an account on that system can gain root access.

III. Solution

     Follow the steps in Section A to disable your currently installed version
     of dip. Then, if you need the functionality that dip provides, follow the
     steps given in Section B.

     A.  Disable the presently installed version of dip.

         As root,

                chmod 0755 /usr/sbin/dip

         By default, dip is installed in the /usr/sbin directory. Note that it
         may be installed elsewhere on your system.

     B.  Install a new version of dip.

         If you need the functionality that dip provides, retrieve and install
         the following version of the source code for dip, which fixes this
         vulnerability. dip is available from

         MD5   (dip337o-uri.tgz) = 45fc2a9abbcb3892648933cadf7ba090
         SHash (dip337o-uri.tgz) = 6e3848b9b5f9d5b308bbac104eaf858be4dc51dc
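
An added example, not part of the CERT advisory: a POSIX shell helper for the two steps in Section III. It finds copies of dip that still carry the set-user-id bit (the advisory notes dip may be installed outside /usr/sbin), clears the bit with the same chmod 0755, and checks a downloaded archive against the published MD5. The function names and the directories searched are assumptions, and md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit helper for Section III of the advisory.
# Function names and search directories are assumptions, not CERT's.

# List regular files named "dip" under the given directories that still
# carry the set-user-id bit, one path per line.
find_suid_dip() {
    find "$@" -type f -name dip -perm -4000 2>/dev/null
}

# Section A: clear the set-user-id bit on every copy found (run as root).
# Prints each path whose mode was changed.
disable_suid_dip() {
    find_suid_dip "$@" | while IFS= read -r path; do
        chmod 0755 "$path" && printf '%s\n' "$path"
    done
}

# Section B: compare a downloaded file's MD5 with the published value.
# Returns 0 on match, 1 on mismatch or if the file cannot be read.
verify_md5() {
    file=$1
    expected=$2
    actual=$(md5sum "$file" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Example use (directories are constructed for illustration):
#   find_suid_dip /usr/sbin /sbin /usr/local/sbin
#   disable_suid_dip /usr/sbin /sbin /usr/local/sbin
#   verify_md5 dip337o-uri.tgz 45fc2a9abbcb3892648933cadf7ba090
```
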

---------------------------------------------------------------------------
The CERT Coordination Center staff thanks Uri Blumenthal for his solution to
the problem and Linux for their support in the development of this advisory.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (FIRST).

We strongly urge you to encrypt any sensitive information you send by email.
The CERT Coordination Center can support a shared DES key and PGP. Contact
the CERT staff for more information.

Location of CERT PGP key


CERT Contact Information
------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.

Fax      +1 412-268-6989

Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890


CERT publications, information about FIRST representatives, and other
security-related information are available for anonymous FTP from

CERT advisories and bulletins are also posted on the USENET newsgroup

To be added to our mailing list for CERT advisories and bulletins, send your
email address to


------------------------------------------------------------------------------

Copyright 1996 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

This file: http://info.cert.org/pub/cert_advisories/CA-96.13.dip_vul


               click on "CERT Advisories"


Revision history

Sep. 24, 1997  Updated copyright statement
Aug. 30, 1996  Removed references to CA-96.13.README.

