[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Overflows in minicom

To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Overflows in minicom
From: Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT>
Date: Mon, 11 May 1998 12:32:02 +0200
Approved-By: aleph1@NATIONWIDE.NET
In-Reply-To: <19980510174903.08997@fan.nb.ca>
Reply-To: Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

On Sun, 10 May 1998, William Burrow wrote:

> On Sat, May 09, 1998 at 09:48:55PM +0200, Tiago F P Rodrigues wrote:
> >  It seems minicom(distributed with slak3.4) have some overflow
> > vulnerabilities, namely in the '-p' switch and when you pick a config
> > file on the arguments. (a strcpy and a sprintf)
> ...
> >  If this is new, I may post an exploit if prompted to.
>
> What kind of exploit will you be able to get?  Minicom is setgid uucp on
> my system, the worst you can do is upset UUCP operations, which don't happen
> here anyway, or possibly change the permissions on the dev file.  System
> is Slack 3.2.
>

 True enough, minicom is only sgid uucp in latest RedHat & Slakware
releases, though keep in mind if you rebuild minicom from source it will
install it setuid root by default.

Prev by Date: Re: Bay Networks Security Hole
Next by Date: Microsoft FrontPage Bulletin - May Edition
Prev by thread: Re: Overflows in minicom
Next by thread: MICO: security problem: Privileges of micod for everybody!
Index(es):
- Date
- Thread