Bugtraq mailing list archives
Re: Overflows in minicom
From: 11108496 () LIS ULUSIADA PT (Tiago F P Rodrigues)
Date: Mon, 11 May 1998 12:32:02 +0200
On Sun, 10 May 1998, William Burrow wrote:
On Sat, May 09, 1998 at 09:48:55PM +0200, Tiago F P Rodrigues wrote:It seems minicom(distributed with slak3.4) have some overflow vulnerabilities, namely in the '-p' switch and when you pick a config file on the arguments. (a strcpy and a sprintf)...If this is new, I may post an exploit if prompted to.What kind of exploit will you be able to get? Minicom is setgid uucp on my system, the worst you can do is upset UUCP operations, which don't happen here anyway, or possibly change the permissions on the dev file. System is Slack 3.2.
True enough, minicom is only sgid uucp in latest RedHat & Slakware releases, though keep in mind if you rebuild minicom from source it will install it setuid root by default.
Current thread:
- Re: Overflows in minicom Tiago F P Rodrigues (May 11)
- <Possible follow-ups>
- Re: Overflows in minicom Andi Kleen (May 11)
- Re: Overflows in minicom Stefan `Sec` Zehl (May 12)