Bugtraq mailing list archives
Re: [linux-security] Minicom 1.75 Vulnerability
From: jhenders () BOGON COM (John Henders)
Date: Mon, 10 Feb 1997 06:15:18 -0800
On Feb 10, jason () redline ru (Dmitry E. Kim) wrote:
well, here is another standard buffer overrun vulnerability, which may sometimes lead to root compromise (not always. not in new distributions, fortunately). Current Slackware and current RedHat don't install minicom suid root, only sgid/uucp, which is not *that* dangerous. But when you build minicom from source, it asks you to do "chmod +s" on it. Summary: Vulnerability in minicom allows (certain) local users to obtain group "uucp" privileges and, in certain cases, root privileges.
Unless it's changed recently, minicom also requires you to be in a minicom.users file to use it at all, which alleviates the risk somewhat. The idea of allowing public users of a system unrestricted access to a dialout port is pretty scary on its own, so I would hope anyone using minicom would be pretty careful about who was in that file.

--
Artificial Intelligence stands no chance against Natural Stupidity.
GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*
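The two points raised in this thread (whether minicom is installed setuid root or only setgid uucp, and who is listed in minicom.users) can be checked on a host with a short audit script. This is an added example, not part of the original messages or of minicom itself. The default paths `/usr/bin/minicom` and `/etc/minicom.users`, the one-user-per-line file format, and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example: report what privilege a set-id minicom binary grants and
# which users the access file admits. Paths and file format are assumptions.

# classify_setid MODE OWNER GROUP
# MODE is the octal mode as printed by `stat -c %a` (e.g. 4755, 2755, 755).
# Prints: suid-root | suid:<owner> | sgid:<group> | none
classify_setid() {
    mode=$1; owner=$2; group=$3
    # The digit above the rwx bits holds setuid (4) and setgid (2).
    special=$(( (0$mode >> 9) & 7 ))
    if [ $(( special & 4 )) -ne 0 ]; then
        # setuid wins: the process runs with the file owner's uid.
        if [ "$owner" = "root" ]; then echo "suid-root"; else echo "suid:$owner"; fi
    elif [ $(( special & 2 )) -ne 0 ]; then
        # setgid only: an overflow yields the file's group, e.g. uucp.
        echo "sgid:$group"
    else
        echo "none"
    fi
}

# allowed_users FILE
# Assumed format: '#' starts a comment, first field of each line is a user.
allowed_users() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# audit_minicom BINARY USERS_FILE
audit_minicom() {
    bin=$1; users=$2
    if [ ! -e "$bin" ]; then echo "$bin: not installed"; return 0; fi
    set -- $(stat -c '%a %U %G' "$bin")   # GNU coreutils stat
    echo "$bin: mode $1, owner $2, group $3 -> $(classify_setid "$1" "$2" "$3")"
    if [ -r "$users" ]; then
        echo "users admitted by $users:"
        allowed_users "$users" | sed 's/^/  /'
    else
        echo "$users: missing or unreadable"
    fi
}

# Run the audit only when invoked with arguments, or with the assumed defaults
# when the first argument is "default".
if [ "$#" -ge 1 ]; then
    if [ "$1" = "default" ]; then set -- /usr/bin/minicom /etc/minicom.users; fi
    audit_minicom "$1" "$2"
fi
```

A result of `suid-root` is the case the original report describes as leading to root compromise; `sgid:uucp` matches the distribution default it calls less dangerous.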