Date:      Wed, 15 Aug 2001 03:40:10 +0200
From:      Geir Råness <geir@dropzone.as>
To:        <freebsd-security@freebsd.org>
Subject:   Re: Is minicom exploitable under FreeBSD?
Message-ID:  <002401c1252b$38cb8d10$3704fea9@PULZ>
References:  <20010814124717.B1870@sheol.localdomain>

About a month ago a bug was noticed in the minicom drivers that can lead to root....

I ain't sure if this is just Linux or if it is FreeBSD too, but from what I know about it, it affects all the systems using minicom.


----- Original Message -----
From: "D J Hawkey Jr" <hawkeyd@visi.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, August 14, 2001 7:47 PM
Subject: Is minicom exploitable under FreeBSD?


> I'm not certain this is "technical enough" for this group, but it seems
> appropriate, none the less?
>
> Per the following synopsis, is minicom, as found in the packages collection,
> vulnerable?
>
> ---8<---
>
> *** {01.19.020} Cross - Format string vulnerabilities in minicom
>
> An advisory was released recently demonstrating format string
> vulnerabilities in the upload/download functionality of minicom. If
> minicom is set sgid uucp (which was recommended at one point in time),
> it is possible to gain uucp group privileges and potentially use those
> privileges to gain root privileges (the advisory details a potential
> exploit path).
>
> No patches have been made available. This vulnerability has not been
> confirmed.
>
> Source: SecurityFocus Bugtraq
>
> --->8---
>
> Minicom installed on my system as:
>
>   [sheol] /usr/local/bin$ ll mini*
>   -rwsr-xr-x  1 uucp  dialer  132372 Nov 16  2000 minicom
>
> Not installed SGID, but it is SUID.
>
> I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
> how to get 'cu' to talk to it (which I would if I could).
>
> TIA,
> Dave
>
> --
>
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> FreeBSD: "Are you guys coming, or what?"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

