[16324] in bugtraq


RH 6.1 / 6.2 minicom vulnerability

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Mon Aug 21 16:04:13 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.21.0008191142460.7020-100000@dione.ids.pl>
Date:         Sat, 19 Aug 2000 11:43:59 +0200
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM

On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
vulnerable):

@(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg

[lcamtuf@nimue lcamtuf]$ minicom -C foo
minicom: there is no global configuration file /etc/minirc.dfl
Ask your sysadm to create one (with minicom -s).

[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
    ^^                  ^^^^

Any file can be created anywhere with uucp privileges - it will follow
symlinks. Not nice on systems running uucp services.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

-- Support your government, give Echelon / Carnivore something to parse --
classfield  top-secret government  restricted data information project CIA
KGB GRU DISA  DoD  defense  systems  military  systems spy steal terrorist
Allah Natasha  Gregori destroy destruct attack  democracy will send Russia
bank system compromise international  own  rule the world ATSC RTEM warmod
ATMD force power enforce  sensitive  directorate  TSP NSTD ORD DD2-N AMTAS
STRAP warrior-T presidental  elections  policital foreign embassy takeover
--------------------------------------------------------------------------
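
A hardened way to open a user-named capture file in a set-group-ID program, as an added example that is not part of the original post and is not minicom's code or its actual fix. The function name open_capture_as_user is hypothetical, and the code assumes the program runs with an effective group (uucp in the report) that differs from the caller's real group.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not minicom code: open a user-named capture file
 * with the caller's real group rather than the set-group-ID effective
 * group, and refuse a symlink as the final path component.
 * Returns a file descriptor, or -1 with errno set. */
int open_capture_as_user(const char *path)
{
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Give up the privileged group for the duration of the open(). */
    if (setegid(getgid()) != 0)
        return -1;

    /* O_NOFOLLOW: fail instead of following a symlink at 'path'.
     * O_NONBLOCK: do not hang if 'path' is a FIFO. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW |
                    O_NOCTTY | O_NONBLOCK, 0600);
    err = errno;

    /* Restore the effective group; fail closed if that is impossible. */
    if (setegid(saved_egid) != 0) {
        err = errno;
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    if (fd < 0) {
        errno = err;
        return -1;
    }

    /* Accept only regular files as capture targets. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}
```

O_NOFOLLOW guards only the last path component; dropping the effective group is what keeps the rest of the path from being resolved, and the file from being created, with uucp rights.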
