Bug#2264: Security hole in dip
Package: netstd
Version: *
Please forget this bug report if it's already known, but there's a huge
security hole in the dip program. From linux-alert:
PROGRAM: dip 3.3.7n, and probably other variants

AFFECTED SYSTEMS: Linux - Slackware 3.0 and RedHat 2.1 verified,
                  others unknown.

IMPACT: Local users can get superuser privileges.

SYNOPSIS: Some Linux distributions come with dip setuid
          root by default. There are multiple points in
          dip where an unbounded buffer is used with user
          supplied data making possible a stack overflow.
          Functions in which this appears to be possible
          include do_chatkey() and mdm_dial().

WORKAROUND: It is suggested that at least until the source
            has been further scrutinized that dip not be
            setuid unless necessary.

                chmod 0755 dip

            If you must have dip setuid, place it in a group
            where it can only be executed by trusted users.

I know that the Debian distribution does allow access to dip only from a dip
group, but I don't think all users in this group should be able to get root
access.
Michael
--
Michael Meskes
Lehrstuhl fuer angewandte Mathematik insb. Informatik
RWTH-Aachen, D-52056 Aachen, Germany
email: meskes@informatik.rwth-aachen.de
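
An added example (not part of the original report or the linux-alert advisory): a shell check that classifies a binary against the two workarounds quoted in the report, i.e. setuid bit removed, or setuid kept but execution limited to a group. The function names are hypothetical and the path to dip is supplied by the caller, since the report does not give one.

```shell
#!/bin/sh
# Added example: audit a binary against the advisory's workarounds.
# Function names are hypothetical; pass the path to dip as an argument.

# has_perm PATH MODE: true if every permission bit in MODE is set on PATH.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# dip_exposure PATH: prints one of
#   missing            PATH is not a regular file
#   not-setuid         setuid bit is clear (state after "chmod 0755 dip")
#   setuid-group-only  setuid, but "other" has no execute bit, so only the
#                      owner and the file's group can run it
#   setuid-world-exec  setuid and executable by every local user
dip_exposure() {
    if [ ! -f "$1" ]; then
        echo missing
    elif ! has_perm "$1" 4000; then
        echo not-setuid
    elif has_perm "$1" 0001; then
        echo setuid-world-exec
    else
        echo setuid-group-only
    fi
}

# exec_group PATH: group owner of PATH. When dip_exposure reports
# setuid-group-only, every member of this group can still run the
# setuid binary, so the membership is what needs reviewing.
exec_group() {
    ls -ld "$1" 2>/dev/null | awk '{print $4}'
}

# Report on each path given on the command line.
for f in "$@"; do
    printf '%s: %s (group: %s)\n' "$f" "$(dip_exposure "$f")" "$(exec_group "$f")"
done
```

A result of setuid-group-only matches the Debian arrangement described in the report; the group printed beside it is the set of users who can still reach the setuid code.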