Date:      Tue, 14 Aug 2001 20:05:06 -0500 (CDT)
From:      "A.G. Russell IV" <arussell@bifrost.agrknives.com>
To:        hawkeyd@visi.com
Cc:        freebsd-security@freebsd.org
Subject:   Re: Is minicom exploitable under FreeBSD?
Message-ID:  <200108150105.UAA09269@bifrost.agrknives.com>
In-Reply-To: <20010814124717.B1870@sheol.localdomain> from D J Hawkey Jr at "Aug 14, 2001 12:47:17 pm"

Try 

"cu -l cuaa0 -s 9600"

with cuaa0 = tty0 = com1
     cuaa1 = tty1 = com2
     cuaa2 = tty2 = com3
     cuaa3 = tty3 = com4

I don't know about minicom, having never used it.

A.G.


"D J Hawkey Jr wrote ..."
> I'm not certain this is "technical enough" for this group, but it seems
> appropriate, none the less?
> 
> Per the following synopsis, is minicom, as found in the packages collection,
> vulnerable?
> 
> ---8<---
>    
> *** {01.19.020} Cross - Format string vulnerabilities in minicom
> 
> An advisory was released recently demonstrating format string
> vulnerabilities in the upload/download functionality of minicom. If
> minicom is set sgid uucp (which was recommended at one point in time),
> it is possible to gain uucp group privileges and potentially use those
> privileges to gain root privileges (the advisory details a potential
> exploit path).
> 
> No patches have been made available. This vulnerability has not been
> confirmed.
> 
> Source: SecurityFocus Bugtraq
> 
> --->8---
> 
> Minicom installed on my system as:
> 
>   [sheol] /usr/local/bin$ ll mini*
>   -rwsr-xr-x  1 uucp  dialer  132372 Nov 16  2000 minicom
> 
> Not installed SGID, but it is SUID.
> 
> I only use it to talk to my Cisco DSL modem over cuaa1; I can't figure out
> how to get 'cu' to talk to it (which I would if I could).
> 
> TIA,
> Dave
> 
> -- 
> 
> Windows: "Where do you want to go today?"
> Linux: "Where do you want to go tomorrow?"
> FreeBSD: "Are you guys coming, or what?"
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

_______________________________________________________________________________
A.G. Russell IV  KC5KFD        High Order Software        e-mail:   ag4@hos.net
Phone 512-834-1145
          These are my views, on anyone else they would look silly.
-------------------------------------------------------------------------------
