Overflows in minicom

From: Tiago F P Rodrigues (11108496at_private)
Date: Sat May 09 1998 - 12:48:55 PDT


     I apologise if this is old, though I haven't found any message on this
    issue on bugtraq in the last few months.
    
     It seems minicom (distributed with slak3.4) has some overflow
    vulnerabilities, namely in the '-p' switch and when you pick a config
    file on the arguments. (a strcpy and a sprintf)
    
     You may test it with:
      $ minicom -p/dev/ttyp`perl -e 'print "A" x 2500'`
        (Some garbage)
        Segmentation fault
    
     An examination under gdb shows saved EIP=0x414141
     If this is new, I may post an exploit if prompted to.
    
    -----------------------------------------------------------------------------
    "There are awful penalties for crimes against the gods"
                                            - Irish Murdoch
    Tiago F. P. Rodrigues   (BlindPoet)
    Universidade Lusiada '98 - PORTUGAL
    -----------------------------------------------------------------------------
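
The post attributes the crashes to a strcpy and a sprintf fed from the command line. As an added example (not part of the original post and not minicom's own code), here are bounded forms of those two patterns that reject oversized input instead of truncating or overflowing. The function names, the buffer sizes and the `/etc` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer sizes; minicom's real ones are not given in the post. */
#define PORT_MAX 128
#define CONF_MAX 256

/* Bounded form of the strcpy() pattern: copy the -p argument into a fixed
 * buffer, refusing anything that does not fit (dst is left untouched). */
int set_port(char *dst, size_t dstlen, const char *arg)
{
    size_t n;
    if (dst == NULL || arg == NULL || dstlen == 0)
        return -1;
    n = strlen(arg);
    if (n == 0 || n >= dstlen)
        return -1;
    memcpy(dst, arg, n + 1);          /* n + 1 copies the terminating NUL */
    return 0;
}

/* Bounded form of the sprintf() pattern: build "<dir>/minirc.<name>" from
 * the config name argument and treat truncation as an error. */
int build_conf_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n;
    if (dst == NULL || dir == NULL || name == NULL || dstlen == 0 || !name[0])
        return -1;
    n = snprintf(dst, dstlen, "%s/minirc.%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';                /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char port[PORT_MAX], conf[CONF_MAX], big[2501];
    memset(big, 'A', 2500);           /* constructed oversized argument */
    big[2500] = '\0';
    printf("short port: %d\n", set_port(port, sizeof port, "/dev/ttyp0"));
    printf("long port:  %d\n", set_port(port, sizeof port, big));
    printf("short conf: %d\n", build_conf_path(conf, sizeof conf, "/etc", "modem"));
    printf("long conf:  %d\n", build_conf_path(conf, sizeof conf, "/etc", big));
    return 0;
}
```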
    


