Vulnerability Detail

dip allows any user to read any file

Date Discovered:
1 Jan 1997

Date Published:
8 Mar 2000

Last Updated:
18 Oct 2004

Threat Assessment

Overall Risk:  Medium
Popularity:  Low
Impact:  Medium
Simplicity:  Critical

Characteristics

Vulnerability ID:  334
Discovered By:  

Exploitable Locally:  Yes
Exploitable Remotely:  No

Impact:  Any user can read any file on the system.

Root Cause:  Software Vulnerability

Description

Dip, which is SUID root, allows any user to read any file on the system. The dip program controls connections needed for dial-up SLIP and PPP.

Recommendations

Remove the SUID bit from dip with 'chmod -s'. Change the group to modem. Remove user access to the program by modifying the permissions. Change all /dev/ttyS* and /dev/cua* files to the modem group.
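
As an added example (not part of the original advisory), the following shell functions audit a binary against the recommendations above and then apply them. The caller supplies the path to dip, since the advisory does not give one; the function names, the reliance on GNU `stat -c`, and reading "remove user access" as clearing the permissions for "other" are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumes GNU stat (-c).
# Function names are hypothetical; the caller supplies the path to dip.

# Print one finding per line; no output means the file matches the advice.
audit_dip() {
    bin=$1; want_group=${2:-modem}
    mode=$(stat -c '%a' "$bin") || return 1   # octal mode, e.g. 4755
    group=$(stat -c '%G' "$bin")              # group name
    gid=$(stat -c '%g' "$bin")                # numeric gid
    mode4=$(printf '%04d' "$mode")            # pad so the special digit exists
    special=${mode4%???}                      # 4=setuid 2=setgid 1=sticky
    other=${mode4#???}                        # permission digit for "other"
    case $special in 4|5|6|7) echo "setuid" ;; esac
    case $special in 2|3|6|7) echo "setgid" ;; esac
    if [ "$other" != 0 ]; then echo "world-accessible"; fi
    if [ "$group" != "$want_group" ] && [ "$gid" != "$want_group" ]; then
        echo "group=$group"
    fi
    return 0
}

# Apply the advisory's steps to the binary (needs sufficient privilege).
harden_dip() {
    bin=$1; want_group=${2:-modem}
    chmod u-s,g-s "$bin"          # the advisory's 'chmod -s'
    chgrp "$want_group" "$bin"    # "Change the group to modem"
    chmod o-rwx "$bin"            # assumption: "user access" means "other"
}

# Move the serial devices named in the advisory into the modem group.
harden_serial_devices() {
    for dev in /dev/ttyS* /dev/cua*; do
        if [ -e "$dev" ]; then chgrp modem "$dev"; fi
    done
}

# Usage (placeholder path): audit_dip /path/to/dip && harden_dip /path/to/dip
```

Running `audit_dip` again after `harden_dip` should print nothing; any remaining line names the setting that still differs from the recommendation.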

Affected Technologies

Slackware Linux, Inc: Slackware Linux 2
Slackware Linux, Inc: Slackware Linux 2.0
Slackware Linux, Inc: Slackware Linux 2.1
Slackware Linux, Inc: Slackware Linux 2.2
Slackware Linux, Inc: Slackware Linux 2.3

References

Mitre CVE: CVE-2002-2270