Bugtraq mailing list archives

Re: Buffer overflows in Minicom 1.80.1

From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Mon, 31 Aug 1998 09:21:03 +0200


I have found some buffer overflows in Minicom 1.80.1 which comes setuid
root with Slackware 3.5.  I known that were discussed some overflows in
other versions of minicom ( no setuid root) but i think it's "new" and
more dangerous.


I've tested 1.75 which comes with RH5.0, and it also crashes when
TERM='aaaa....aaa'. Note that it seems to be only setgid uucp, but it's
vulnerable.

                                        Willy

--
+----------------------------------------------------------------------------+
| Willy Tarreau - tarreau () aemiaif lip6 fr - http://www-miaif.lip6.fr/willy/  |
| System and Network Engineer - NOVECOM - http://novworld.novecom.fr/        |
| Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 |
+----------------------------------------------------------------------------+

Current thread:

Re: Buffer overflows in Minicom 1.80.1 Willy TARREAU (Aug 31)
- Re: Security Hole in Axent ESM Michael Shields (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Alan Cox (Aug 31)