[16350] in bugtraq
Re: RH 6.1 / 6.2 minicom vulnerability
daemon@ATHENA.MIT.EDU (denis)
Tue Aug 22 15:21:13 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0008211511360.20409-100000@denis.dimick.net>
Date: Mon, 21 Aug 2000 15:12:07 -0700
Reply-To: denis <denis@DIMICK.NET>
From: denis <denis@DIMICK.NET>
X-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0008191142460.7020-100000@dione.ids.pl>
Mandrake 7.1 did not do this..
Denis
On Sat, 19 Aug 2000, Michal Zalewski wrote:
> On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
> vulnerable):
>
> @(#)Minicom V1.83.0 (compiled Mar 7 2000)(c) Miquel van Smoorenburg
>
> [lcamtuf@nimue lcamtuf]$ minicom -C foo
> minicom: there is no global configuration file /etc/minirc.dfl
> Ask your sysadm to create one (with minicom -s).
>
> [lcamtuf@nimue lcamtuf]$ ls -l foo
> -rw-rw-r-- 1 lcamtuf uucp 0 Aug 18 12:21 foo
> ^^ ^^^^
>
> Any file can be created anywhere with uucp privledges - it will follow
> symlinks. Not nice on systems running uucp services.
>
> _______________________________________________________
> Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
> [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=
>
> -- Support your government, give Echelon / Carnivore something to parse --
> classfield top-secret government restricted data information project CIA
> KGB GRU DISA DoD defense systems military systems spy steal terrorist
> Allah Natasha Gregori destroy destruct attack democracy will send Russia
> bank system compromise international own rule the world ATSC RTEM warmod
> ATMD force power enforce sensitive directorate TSP NSTD ORD DD2-N AMTAS
> STRAP warrior-T presidental elections policital foreign embassy takeover
> --------------------------------------------------------------------------
>
