Bugtraq mailing list archives
Re: RH 6.1 / 6.2 minicom vulnerability
From: Roman Drahtmueller <draht () SUSE DE>
Date: Tue, 22 Aug 2000 23:32:56 +0200
On Tue, 22 Aug 2000, Moritz Hardt wrote:
From: Moritz Hardt <root () MORIX DE>
Don't mail as root!
To: BUGTRAQ () SECURITYFOCUS COM Date: Tue, 22 Aug 2000 00:24:20 +0200 Subject: Re: RH 6.1 / 6.2 minicom vulnerability
[snip]
suse6.4 propably prior versions, too seem to be vulnerable, aswell.
This is not correct. We ship version 1.81.1 since July 27 1998 (that's back to the good old SuSE-5.3 times) until now with SuSE-7.0. minicom is installed root.uucp 0755 in all versions. `chmod 2755 /usr/bin/minicom' and `minicom -C foo' afterwards does not exhibit any problem because no file is created. For a user of a SuSE system to be able to use minicom (restricted by device permissions), she must be added to group uucp.
From the /etc/minicom.users:
# # Remember: in S.u.S.E. Linux 5.3 and above modem users have to be in # group uucp - the "ALL" here only lets minicom try to access modem device. # If you are not in group uucp, it will fail with the following message: # # "minicom: cannot open /dev/modem: Permission denied" # [cut, only facts preserved]
@(#)Minicom V1.83.0 (compiled Mar 7 2000)(c) Miquel van Smoorenburg [lcamtuf@nimue lcamtuf]$ minicom -C foo [lcamtuf@nimue lcamtuf]$ ls -l foo -rw-rw-r-- 1 lcamtuf uucp 0 Aug 18 12:21 foo
[/cut] Thanks, Roman. -- - - | Roman Drahtmüller <draht () suse de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Current thread:
- RH 6.1 / 6.2 minicom vulnerability Michal Zalewski (Aug 21)
- Re: RH 6.1 / 6.2 minicom vulnerability Fred Souza (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Moritz Hardt (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Roman Drahtmueller (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability denis (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Andreas Hasenack (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Kris Kennaway (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability Dpk (Aug 25)
- <Possible follow-ups>
- Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Sylvain Robitaille (Aug 30)
- Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 31)
- Re: RH 6.1 / 6.2 minicom vulnerability Sylvain Robitaille (Aug 30)