Date: Sat, 19 Aug 2000 11:43:59 +0200
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
Subject: RH 6.1 / 6.2 minicom vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
vulnerable):

@(#)Minicom V1.83.0 (compiled Mar 7 2000)(c) Miquel van Smoorenburg

[lcamtuf@nimue lcamtuf]$ minicom -C foo
minicom: there is no global configuration file /etc/minirc.dfl
Ask your sysadm to create one (with minicom -s).
[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp   0 Aug 18 12:21 foo
    ^^                  ^^^^

Any file can be created anywhere with uucp privileges - it will follow
symlinks. Not nice on systems running uucp services.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl]
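
Added example, not part of the original post and not minicom's own code: one way a setgid program can open a user-named capture file without lending its group or following a symlink. The helper name open_capture_as_user and the sample paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a user-named capture file from a setgid
 * program. Returns a file descriptor, or -1 with errno set. */
int open_capture_as_user(const char *path)
{
    gid_t saved = getegid();   /* e.g. uucp when installed setgid */
    int fd, err;

    /* Open with the caller's own group, so the kernel checks directory
     * and file permissions against the real user, not uucp. */
    if (setegid(getgid()) != 0)
        return -1;
    /* O_NOFOLLOW: fail with ELOOP if the final path component is a
     * symlink. Mode 0600: no group-writable file is left behind. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    err = errno;
    /* Regain the privileged group for the serial device and lock files. */
    if (setegid(saved) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    errno = err;
    return fd;
}

int main(void)
{
    /* Constructed sample paths in a fresh temporary directory. */
    char dir[] = "/tmp/capdemoXXXXXX", target[64], lnk[64], plain[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(plain, sizeof plain, "%s/foo", dir);
    if (symlink(target, lnk) != 0) return 1;
    printf("symlink: fd=%d\n", open_capture_as_user(lnk)); /* refused */
    int fd = open_capture_as_user(plain);   /* created as the real user */
    printf("plain:   fd=%d\n", fd);
    if (fd >= 0) close(fd);
    return 0;
}
```

O_NOFOLLOW only covers the last path component; dropping the effective group before the open is what keeps symlinked parent directories from being traversed with uucp rights.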