I apologise if this is old, though i haven´t found any message on this issue on bugtraq in the last few months. It seems minicom(distributed with slak3.4) have some overflow vulnerabilities, namely in the '-p' switch and when you pick a config file on the arguments. (a strcpy and a sprintf) you may test it with: $ minicom -p/dev/ttyp`perl -e ´print "A" x 2500´` (Some garbage) Segmentation fault An examination under gdb shows saved EIP=0x414141 If this is new, I may post an exploit if prompted to. ----------------------------------------------------------------------------- "There are awfull penalties for crimes against the gods" - Irish Murdoch Tiago F. P. Rodrigues (BlindPoet) Universidade Lusiada ´98 - PORTUGAL -----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:00 PDT