Re: Overflows in minicom

From: Tiago F P Rodrigues (11108496at_private)
Date: Mon May 11 1998 - 03:32:02 PDT


    On Sun, 10 May 1998, William Burrow wrote:
    
    > On Sat, May 09, 1998 at 09:48:55PM +0200, Tiago F P Rodrigues wrote:
    > >  It seems minicom (distributed with slak3.4) has some overflow
    > > vulnerabilities, namely in the '-p' switch and when you pick a config
    > > file on the arguments. (a strcpy and a sprintf)
    > ...
    > >  If this is new, I may post an exploit if prompted to.
    >
    > What kind of exploit will you be able to get?  Minicom is setgid uucp on
    > my system, the worst you can do is upset UUCP operations, which don't happen
    > here anyway, or possibly change the permissions on the dev file.  System
    > is Slack 3.2.
    >
    
     True enough, minicom is only sgid uucp in latest RedHat & Slackware
    releases, though keep in mind if you rebuild minicom from source it will
    install it setuid root by default.
    


