From: "A.G. Russell IV"
Message-Id: <200108150105.UAA09269@bifrost.agrknives.com>
Subject: Re: Is minicom exploitable under FreeBSD?
In-Reply-To: <20010814124717.B1870@sheol.localdomain> from D J Hawkey Jr at "Aug 14, 2001 12:47:17 pm"
To: hawkeyd@visi.com
Date: Tue, 14 Aug 2001 20:05:06 -0500 (CDT)
Cc: freebsd-security@freebsd.org

Try "cu -l cuaa0 -s 9600" with

cuaa0 = tty0 = com1
cuaa1 = tty1 = com2
cuaa2 = tty2 = com3
cuaa3 = tty3 = com4

I don't know about minicom, having never used it.

A.G.

"D J Hawkey Jr wrote ..."
> I'm not certain this is "technical enough" for this group, but it seems
> appropriate, none the less?
>
> Per the following synopsis, is minicom, as found in the packages collection,
> vulnerable?
>
> ---8<---
>
> *** {01.19.020} Cross - Format string vulnerabilities in minicom
>
> An advisory was released recently demonstrating format string
> vulnerabilities in the upload/download functionality of minicom. If
> minicom is set sgid uucp (which was recommended at one point in time),
> it is possible to gain uucp group privileges and potentially use those
> privileges to gain root privileges (the advisory details a potential
> exploit path).
>
> No patches have been made available. This vulnerability has not been
> confirmed.
>
> Source: SecurityFocus Bugtraq
>
> --->8---
>
> Minicom installed on my system as:
>
> [sheol] /usr/local/bin$ ll mini*
> -rwsr-xr-x 1 uucp dialer 132372 Nov 16 2000 minicom
>
> Not installed SGID, but it is SUID.
>
> I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
> how to get 'cu' to talk to it (which I would if I could).
>
> TIA,
> Dave
>
> --
>
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> FreeBSD: "Are you guys coming, or what?"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

_______________________________________________________________________________
A.G. Russell IV KC5KFD
High Order Software
e-mail: ag4@hos.net
Phone 512-834-1145
These are my views, on anyone else they would look silly.
-------------------------------------------------------------------------------