Date: Wed, 15 Aug 2001 03:40:10 +0200
From: Geir Råness <geir@dropzone.as>
To: <freebsd-security@freebsd.org>
Subject: Re: Is minicom exploitable under FreeBSD?
Message-ID: <002401c1252b$38cb8d10$3704fea9@PULZ>
References: <20010814124717.B1870@sheol.localdomain>

About a month ago a bug was noticed in the minicom drivers that can
lead to root.... I ain't sure if this is just Linux or if it is FreeBSD too, but from what I
know about it, it affects all the systems using minicom.

----- Original Message -----
From: "D J Hawkey Jr" <hawkeyd@visi.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, August 14, 2001 7:47 PM
Subject: Is minicom exploitable under FreeBSD?

> I'm not certain this is "technical enough" for this group, but it seems
> appropriate, none the less?
>
> Per the following synopsis, is minicom, as found in the packages collection,
> vulnerable?
>
> ---8<---
>
> *** {01.19.020} Cross - Format string vulnerabilities in minicom
>
> An advisory was released recently demonstrating format string
> vulnerabilities in the upload/download functionality of minicom. If
> minicom is set sgid uucp (which was recommended at one point in time),
> it is possible to gain uucp group privileges and potentially use those
> privileges to gain root privileges (the advisory details a potential
> exploit path).
>
> No patches have been made available. This vulnerability has not been
> confirmed.
>
> Source: SecurityFocus Bugtraq
>
> --->8---
>
> Minicom installed on my system as:
>
> [sheol] /usr/local/bin$ ll mini*
> -rwsr-xr-x 1 uucp dialer 132372 Nov 16 2000 minicom
>
> Not installed SGID, but it is SUID.
>
> I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
> how to get 'cu' to talk to it (which I would if I could).
>
> TIA,
> Dave
>
> --
>
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> FreeBSD: "Are you guys coming, or what?"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message