Bugtraq mailing list archives

Re: RH 6.1 / 6.2 minicom vulnerability

From: Ben Lull <blull () valleylocal com>
Date: Tue, 22 Aug 2000 12:47:51 -0700

Slackware 7.0 (minicom 1.82):
    plix@technolust:/home/plix> groups
    secure wheel xuser plix

    plix@technolust:/home/plix> minicom -C foo
    minicom: cannot open /dev/ttyS1: Permission denied

    plix@technolust:/home/plix> ls -al foo
    -rw-r--r--   1 plix     uucp            0 Aug 22 12:36 foo
    plix@technolust:/home/plix>


Slackware 7.1 (minicom 1.82.1)
    plix@mos:/home/plix> groups
    users

    plix@mos:/home/plix> minicom -C foo
    minicom: cannot open /dev/ttyS1: Permission denied

    plix@mos:/home/plix> ls -al foo
    -rw-r--r--   1 plix     uucp            0 Aug 22 12:39 foo


-- Yep Slackware too using minicom 1.82 and 1.82.1

Thanks,
Ben Lull

***
* Ben Lull
* Valley Local Internet, Inc.
* Systems Administrator
***



Michal Zalewski wrote:

On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other

distributions

vulnerable):

@(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg

[lcamtuf@nimue lcamtuf]$ minicom -C foo
minicom: there is no global configuration file /etc/minirc.dfl
Ask your sysadm to create one (with minicom -s).

[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
    ^^                  ^^^^

Any file can be created anywhere with uucp privledges - it will follow

symlinks. Not nice on systems running uucp services.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

-- Support your government, give Echelon / Carnivore something to

parse --

classfield  top-secret government  restricted data information project

CIA

KGB GRU DISA  DoD  defense  systems  military  systems spy steal

terrorist

Allah Natasha  Gregori destroy destruct attack  democracy will send

Russia

bank system compromise international  own  rule the world ATSC RTEM

warmod

ATMD force power enforce  sensitive  directorate  TSP NSTD ORD DD2-N

AMTAS

STRAP warrior-T presidental  elections  policital foreign embassy

takeover

--------------------------------------------------------------------------

Current thread:

RH 6.1 / 6.2 minicom vulnerability Michal Zalewski (Aug 21)
- Re: RH 6.1 / 6.2 minicom vulnerability Fred Souza (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Moritz Hardt (Aug 22)
  - Re: RH 6.1 / 6.2 minicom vulnerability Roman Drahtmueller (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability denis (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Andreas Hasenack (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Kris Kennaway (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability Dpk (Aug 25)
- <Possible follow-ups>
- Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 22)
  - Re: RH 6.1 / 6.2 minicom vulnerability Sylvain Robitaille (Aug 30)
    - Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 31)