[Tech] FW: RH 6.1 / 6.2 minicom vulnerability

Franco Vite franco.vite@tin.it
Mar 22 Ago 2000 12:28:23 CEST


occhio, redhttisti!

-- 
ciao Franco

utonto GNU/Linux ... momentaneamente altrove

----------
> Da: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
> Risposta: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
> Data: Sat, 19 Aug 2000 11:43:59 +0200
> A: BUGTRAQ@SECURITYFOCUS.COM
> Oggetto: RH 6.1 / 6.2 minicom vulnerability
> 
> On RedHat 6.1 and RedHat 6.2 boxes (I haven't found other distributions
> vulnerable):
> 
> @(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg
> 
> [lcamtuf@nimue lcamtuf]$ minicom -C foo
> minicom: there is no global configuration file /etc/minirc.dfl
> Ask your sysadm to create one (with minicom -s).
> 
> [lcamtuf@nimue lcamtuf]$ ls -l foo
> -rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
> ^^                  ^^^^
> 
> Any file can be created anywhere with uucp privledges - it will follow
> symlinks. Not nice on systems running uucp services.
> 
> _______________________________________________________
> Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
> [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=
> 
> -- Support your government, give Echelon / Carnivore something to parse --
> classfield  top-secret government  restricted data information project CIA
> KGB GRU DISA  DoD  defense  systems  military  systems spy steal terrorist
> Allah Natasha  Gregori destroy destruct attack  democracy will send Russia
> bank system compromise international  own  rule the world ATSC RTEM warmod
> ATMD force power enforce  sensitive  directorate  TSP NSTD ORD DD2-N AMTAS
> STRAP warrior-T presidental  elections  policital foreign embassy takeover
> --------------------------------------------------------------------------






Maggiori informazioni sulla lista flug-tech