[16359] in bugtraq
Re: RH 6.1 / 6.2 minicom vulnerability
daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Wed Aug 23 11:21:08 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Message-Id: <Pine.LNX.4.21.0008222327010.1204-100000@dent.suse.de>
Date: Tue, 22 Aug 2000 23:32:56 +0200
Reply-To: Roman Drahtmueller <draht@SUSE.DE>
From: Roman Drahtmueller <draht@SUSE.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0008220022370.695-100000@morix.morix.de>
On Tue, 22 Aug 2000, Moritz Hardt wrote:
> From: Moritz Hardt <root@MORIX.DE>
Don't mail as root!
> To: BUGTRAQ@SECURITYFOCUS.COM
> Date: Tue, 22 Aug 2000 00:24:20 +0200
> Subject: Re: RH 6.1 / 6.2 minicom vulnerability
[snip]
> suse6.4 propably prior versions, too seem to be vulnerable, aswell.
This is not correct.
We ship version 1.81.1 since July 27 1998 (that's back to the good old
SuSE-5.3 times) until now with SuSE-7.0.
minicom is installed root.uucp 0755 in all versions.
`chmod 2755 /usr/bin/minicom' and `minicom -C foo' afterwards does not
exhibit any problem because no file is created.
For a user of a SuSE system to be able to use minicom (restricted by
device permissions), she must be added to group uucp.
From the /etc/minicom.users:
#
# Remember: in S.u.S.E. Linux 5.3 and above modem users have to be in
# group uucp - the "ALL" here only lets minicom try to access modem device.
# If you are not in group uucp, it will fail with the following message:
#
# "minicom: cannot open /dev/modem: Permission denied"
#
[cut, only facts preserved]
> > @(#)Minicom V1.83.0 (compiled Mar 7 2000)(c) Miquel van Smoorenburg
> > [lcamtuf@nimue lcamtuf]$ minicom -C foo
> > [lcamtuf@nimue lcamtuf]$ ls -l foo
> > -rw-rw-r-- 1 lcamtuf uucp 0 Aug 18 12:21 foo
[/cut]
Thanks,
Roman.
--
- -
| Roman Drahtm|ller <draht@suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N|rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
