Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Aug 2001 03:40:10 +0200
From:      =?iso-8859-1?Q?Geir_R=E5ness?= <geir@dropzone.as>
To:        <freebsd-security@freebsd.org>
Subject:   Re: Is minicom exploitable under FreeBSD?
Message-ID:  <002401c1252b$38cb8d10$3704fea9@PULZ>
References:  <20010814124717.B1870@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help 

About a month ago it was noticed an bug in the minicom drivers, that can lead to root....

I aint sure if this ust linux or if it is FreeBSD to, but from what i know about it, it affects all the systems using minicom.


----- Original Message ----- 
From: "D J Hawkey Jr" <hawkeyd@visi.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, August 14, 2001 7:47 PM
Subject: Is minicom exploitable under FreeBSD?


> I'm not certain this is "technical enough" for this group, but it seems
> appropriate, none the less?
> 
> Per the following synopsis, is minicom, as found in the packages collection,
> vulnerable?
> 
> ---8<---
>    
> *** {01.19.020} Cross - Format string vulnerabilities in minicom
> 
> An advisory was released recently demonstrating format string
> vulnerabilities in the upload/download functionality of minicom. If
> minicom is set sgid uucp (which was recommended at one point in time),
> it is possible to gain uucp group privileges and potentially use those
> privileges to gain root privileges (the advisory details a potential
> exploit path).
> 
> No patches have been made available. This vulnerability has not been
> confirmed.
> 
> Source: SecurityFocus Bugtraq
> 
> --->8---
> 
> Minicom installed on my system as:
> 
>   [sheol] /usr/local/bin$ ll mini*
>   -rwsr-xr-x  1 uucp  dialer  132372 Nov 16  2000 minicom
> 
> Not installed SGID, but it is SUID.
> 
> I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
> how to get 'cu' to talk to it (which I would if I could).
> 
> TIA,
> Dave
> 
> -- 
> 
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> FreeBSD: "Are you guys coming, or what?"
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002401c1252b$38cb8d10$3704fea9>