> > I have found some buffer overflows in Minicom 1.80.1 which comes setuid > root with Slackware 3.5. I known that were discussed some overflows in > other versions of minicom ( no setuid root) but i think it's "new" and > more dangerous. I've tested 1.75 which comes with RH5.0, and it also crashes when TERM='aaaa....aaa'. Note that it seems to be only setgid uucp, but it's vulnerable. Willy -- +----------------------------------------------------------------------------+ | Willy Tarreau - tarreauat_private - http://www-miaif.lip6.fr/willy/ | | System and Network Engineer - NOVECOM - http://novworld.novecom.fr/ | | Magistere d'Informatique Appliquee de l'Ile de France ( MIAIF ), Year 1997 | +----------------------------------------------------------------------------+
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:23 PDT