Vulnerability Development mailing list archives
dip3.7.7p overflow still not patched on SuSE 7.0 ?
From: sebi hegi <hegenbart () aon at>
Date: Sat, 7 Jul 2001 01:11:03 +0200
Hi!

After doing a suid check on my SuSE Linux 7.0 x86 I found something interesting:

hegi@faust:~ > ls -la /usr/sbin/dip
-rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip

DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
Written by Fred N. van Kempen, MicroWalt Corporation.

I considered this as a sort of old version and did some searching and found something on insecure.org.

Description: Standard overflow (in the -l option processing).
Author: Goran Gajic <ggajic () AFRODITA RCUB BG AC YU>
Compromise: root (local)
Vulnerable Systems: Slackware Linux 3.4, presumably any other system using dip-3.3.7o or earlier suid root.
Date: 5 May 1998

Referring to a Bugtraq post from May 5, 1998, I did this:

hegi@faust:~ > /usr/sbin/dip -k -l `perl -e 'print "a" x 20000'`
DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96)
Written by Fred N. van Kempen, MicroWalt Corporation.
DIP: cannot open /var/lock/LCK..aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: Datei oder Verzeichnis nicht gefunden
Speicherzugriffsfehler

Looks like this version is still vulnerable. Although it's not world executable, it's a security risk. And I'm wondering why SuSE just didn't bother with providing a patched version in one of their new distributions. SuSE 7.0 wasn't released in 1998.

Have a nice day.
Sebastian Hegenbart
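
An added example, not part of the original post and not dip's source code: a bounded way to build the `/var/lock/LCK..<line>` path that appears in the error message above, so that an overlong `-l` argument is rejected instead of overrunning a fixed buffer. The helper name `build_lock_path`, the `MAX_LINE_NAME` limit and the error codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOCK_PREFIX   "/var/lock/LCK.."  /* prefix seen in the post's error message */
#define MAX_LINE_NAME 32                 /* assumed limit for a tty name such as "ttyS0" */

enum { LOCK_OK = 0, LOCK_ERR_ARG = -1, LOCK_ERR_TOOLONG = -2, LOCK_ERR_CHARS = -3 };

/* Hypothetical helper: build the lock-file path for a user-supplied line
 * name into out[outsz], refusing anything that does not fit. */
int build_lock_path(char *out, size_t outsz, const char *line)
{
    if (out == NULL || outsz == 0 || line == NULL)
        return LOCK_ERR_ARG;
    out[0] = '\0';

    /* Bounded length check: never scan past MAX_LINE_NAME + 1 bytes. */
    const char *end = memchr(line, '\0', MAX_LINE_NAME + 1);
    if (end == NULL)
        return LOCK_ERR_TOOLONG;
    if (end == line)
        return LOCK_ERR_ARG;

    /* Allow only characters valid in a device name; '/' and a leading '.'
     * are rejected so the name cannot leave the lock directory. */
    if (line[0] == '.')
        return LOCK_ERR_CHARS;
    for (const char *p = line; p < end; p++)
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '-' && *p != '.')
            return LOCK_ERR_CHARS;

    /* snprintf never writes more than outsz bytes; a return value >= outsz
     * means the result was truncated, which is treated as an error. */
    int n = snprintf(out, outsz, "%s%s", LOCK_PREFIX, line);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return LOCK_ERR_TOOLONG;
    }
    return LOCK_OK;
}

int main(void)
{
    char path[64], big[20001];          /* constructed input: 20000 'a' bytes */
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("ttyS0  -> %d (%s)\n", build_lock_path(path, sizeof path, "ttyS0"), path);
    printf("20000a -> %d\n", build_lock_path(path, sizeof path, big));
    return 0;
}
```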