Bugtraq mailing list archives

Re: RH 6.1 / 6.2 minicom vulnerability


From: Fred Souza <cseg () KRONUS COM BR>
Date: Mon, 21 Aug 2000 21:34:29 -0300

On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
vulnerable):

@(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg

[lcamtuf@nimue lcamtuf]$ minicom -C foo
minicom: there is no global configuration file /etc/minirc.dfl
Ask your sysadm to create one (with minicom -s).

[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
    ^^                  ^^^^

Any file can be created anywhere with uucp privileges - it will follow
symlinks. Not nice on systems running uucp services.

  Agreed.  I've tested this on FreeBSD 4.1-STABLE, with minicom 1.83.1, and
  the file "foo" was created with the correct uid/gid, using the default
  umask.


--
This is what you get when you meet someone who has spent most of his/her entire
life, thinking.
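
Added example, not part of the original post and not minicom's own code: one way a set-group-ID program can open a user-named capture file so that the file is created with the caller's own group and a symlink at the final path component is refused. It assumes minicom is installed set-group-ID uucp on the affected systems (suggested by the group on the file created above); open_capture and the file name capture.log are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an open fd, or -1 with errno set. */
int open_capture(const char *path)
{
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Create the file as the invoking user, not with the set-gid group. */
    if (setegid(getgid()) != 0)
        return -1;
    /* O_NOFOLLOW refuses a symlink as the last path component;
     * O_NONBLOCK keeps a FIFO planted at the path from hanging the open. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW |
                    O_NONBLOCK | O_CLOEXEC, 0666);
    err = errno;
    /* Regain the privileged group for whatever else needs it. */
    if (setegid(saved_egid) != 0)
        abort();
    if (fd < 0) {
        errno = err;
        return -1;
    }
    /* Accept regular files only (no devices, FIFOs or directories). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* capture.log is a constructed default name for this example. */
    int fd = open_capture(argc > 1 ? argv[1] : "capture.log");
    if (fd < 0) {
        perror("open_capture");
        return 1;
    }
    close(fd);
    return 0;
}
```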

