Date: Tue, 14 Aug 2001 12:47:17 -0500
From: D J Hawkey Jr <hawkeyd@visi.com>
To: freebsd-security@freebsd.org
Subject: Is minicom exploitable under FreeBSD?
Message-ID: <20010814124717.B1870@sheol.localdomain>

I'm not certain this is "technical enough" for this group, but it seems
appropriate, none the less? Per the following synopsis, is minicom, as
found in the packages collection, vulnerable?

---8<---

*** {01.19.020} Cross - Format string vulnerabilities in minicom

An advisory was released recently demonstrating format string
vulnerabilities in the upload/download functionality of minicom. If
minicom is set sgid uucp (which was recommended at one point in time),
it is possible to gain uucp group privileges and potentially use those
privileges to gain root privileges (the advisory details a potential
exploit path).

No patches have been made available. This vulnerability has not been
confirmed.

Source: SecurityFocus Bugtraq

--->8---

Minicom installed on my system as:

  [sheol] /usr/local/bin$ ll mini*
  -rwsr-xr-x 1 uucp dialer 132372 Nov 16 2000 minicom

Not installed SGID, but it is SUID.

I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure
out how to get 'cu' to talk to it (which I would if I could).

TIA,
Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
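
An added example, not part of the original message: a shell helper that reads an `ls -l` line such as the one posted above and reports which effective user or group the binary runs as, which is the identity any flaw in that binary would expose. The function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Report the effective identity a set-id binary runs with, from `ls -l` output.

# setid_identity "<ls -l line>"
# Prints "euid=<owner>" and/or "egid=<group>" for each set-id bit, else "none".
setid_identity() {
    # ls -l fields: mode, link count, owner, group, then size/date/name.
    read -r mode _links owner group _rest <<EOF
$1
EOF
    out=""
    # Character 4 of the mode string is the owner execute slot and
    # character 7 the group execute slot; 's' or 'S' there means the
    # setuid or setgid bit is set.
    u=$(printf '%s' "$mode" | cut -c4)
    g=$(printf '%s' "$mode" | cut -c7)
    case $u in s|S) out="euid=$owner" ;; esac
    case $g in s|S) out="${out:+$out }egid=$group" ;; esac
    printf '%s\n' "${out:-none}"
}

# audit_path <file>: the same report for a file on disk.
audit_path() {
    setid_identity "$(ls -ld -- "$1")"
}

# Listing quoted in the message above.
POSTED='-rwsr-xr-x 1 uucp dialer 132372 Nov 16 2000 minicom'
# Constructed line: the "sgid uucp" install the advisory synopsis describes.
SGID_UUCP='-rwxr-sr-x 1 root uucp 132372 Nov 16 2000 minicom'

setid_identity "$POSTED"
setid_identity "$SGID_UUCP"
```

On a live system, `audit_path /usr/local/bin/minicom` gives the same report for the installed file.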