Bugtraq mailing list archives
Re: RH 6.1 / 6.2 minicom vulnerability
From: Dpk <dpk () EGR MSU EDU>
Date: Wed, 23 Aug 2000 18:23:18 -0400
On Sat, Aug 19, 2000 at 11:43:59AM +0200, Michal Zalewski wrote: On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions vulnerable): @(#)Minicom V1.83.0 (compiled Mar 7 2000)(c) Miquel van Smoorenburg [lcamtuf@nimue lcamtuf]$ minicom -C foo minicom: there is no global configuration file /etc/minirc.dfl Ask your sysadm to create one (with minicom -s). [lcamtuf@nimue lcamtuf]$ ls -l foo -rw-rw-r-- 1 lcamtuf uucp 0 Aug 18 12:21 foo ^^ ^^^^ Any file can be created anywhere with uucp privledges - it will follow symlinks. Not nice on systems running uucp services. [snip] To round out the distribution status... Debian/GNU Linux does not install minicom set[ug]id, and is not vulnerable... verified on 2.1 (slink), 2.2 (potato), and "woody". Dpk
Current thread:
- RH 6.1 / 6.2 minicom vulnerability Michal Zalewski (Aug 21)
- Re: RH 6.1 / 6.2 minicom vulnerability Fred Souza (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Moritz Hardt (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Roman Drahtmueller (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability denis (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Andreas Hasenack (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Kris Kennaway (Aug 23)
- Re: RH 6.1 / 6.2 minicom vulnerability Dpk (Aug 25)
- <Possible follow-ups>
- Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 22)
- Re: RH 6.1 / 6.2 minicom vulnerability Sylvain Robitaille (Aug 30)
- Re: RH 6.1 / 6.2 minicom vulnerability Ben Lull (Aug 31)
- Re: RH 6.1 / 6.2 minicom vulnerability Sylvain Robitaille (Aug 30)