Date:      Tue, 14 Aug 2001 12:47:17 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        freebsd-security@freebsd.org
Subject:   Is minicom exploitable under FreeBSD?
Message-ID:  <20010814124717.B1870@sheol.localdomain>

I'm not certain this is "technical enough" for this group, but it seems
appropriate, none the less?

Per the following synopsis, is minicom, as found in the packages collection,
vulnerable?

---8<---
   
*** {01.19.020} Cross - Format string vulnerabilities in minicom

An advisory was released recently demonstrating format string
vulnerabilities in the upload/download functionality of minicom. If
minicom is set sgid uucp (which was recommended at one point in time),
it is possible to gain uucp group privileges and potentially use those
privileges to gain root privileges (the advisory details a potential
exploit path).

No patches have been made available. This vulnerability has not been
confirmed.

Source: SecurityFocus Bugtraq

--->8---

Minicom installed on my system as:

  [sheol] /usr/local/bin$ ll mini*
  -rwsr-xr-x  1 uucp  dialer  132372 Nov 16  2000 minicom

Not installed SGID, but it is SUID.

I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
how to get 'cu' to talk to it (which I would if I could).

TIA,
Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

