Date:         Sat, 19 Aug 2000 11:43:59 +0200
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
Subject:      RH 6.1 / 6.2 minicom vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
vulnerable):

@(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg

[lcamtuf@nimue lcamtuf]$ minicom -C foo
minicom: there is no global configuration file /etc/minirc.dfl
Ask your sysadm to create one (with minicom -s).

[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
    ^^                  ^^^^

Any file can be created anywhere with uucp privledges - it will follow
symlinks. Not nice on systems running uucp services.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

-- Support your government, give Echelon / Carnivore something to parse --
classfield  top-secret government  restricted data information project CIA
KGB GRU DISA  DoD  defense  systems  military  systems spy steal terrorist
Allah Natasha  Gregori destroy destruct attack  democracy will send Russia
bank system compromise international  own  rule the world ATSC RTEM warmod
ATMD force power enforce  sensitive  directorate  TSP NSTD ORD DD2-N AMTAS
STRAP warrior-T presidental  elections  policital foreign embassy takeover
--------------------------------------------------------------------------