On Sun, 10 May 1998, William Burrow wrote: > On Sat, May 09, 1998 at 09:48:55PM +0200, Tiago F P Rodrigues wrote: > > It seems minicom(distributed with slak3.4) have some overflow > > vulnerabilities, namely in the '-p' switch and when you pick a config > > file on the arguments. (a strcpy and a sprintf) > ... > > If this is new, I may post an exploit if prompted to. > > What kind of exploit will you be able to get? Minicom is setgid uucp on > my system, the worst you can do is upset UUCP operations, which don't happen > here anyway, or possibly change the permissions on the dev file. System > is Slack 3.2. > True enough, minicom is only sgid uucp in latest RedHat & Slakware releases, though keep in mind if you rebuild minicom from source it will install it setuid root by default.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:08 PDT