Subject: Caldera Security Advisory SA-1998.20: Overflows in minicom

Topic:               Overflows in minicom
Advisory issue date: 24-July-1998

I. Problem Description

   There are various buffer overflows in minicom that can be exploited
   to gain access to group tty.

   It seems minicom has some overflow vulnerabilities, namely in the
   handling of the '-p' switch and of a config file named in the
   arguments (a strcpy and a sprintf).

II. Impact

   Description: Unauthorised access can be gained to the tty group.

   Vulnerable Systems: OpenLinux 1.0, 1.1, & 1.2 systems using minicom
   packages prior to minicom-1.81.1-1.

III. Solution

   Corrections: The proper solution is to upgrade to the
   minicom-1.81.1-1 package.

   It can be found on Caldera's FTP site at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

   The corresponding source code can be found at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

   The MD5 checksums (from the "md5sum" command) for these packages are:

      b77a9bb05f1c37729a5cd7284f4a6cb0  minicom-1.81.1-1.i386.rpm
      700376cc1052fa66c39c2fd3e97f2b80  minicom-1.81.1-1.src.rpm

   Upgrade with the following commands:

      rpm -q minicom && rpm -U minicom-1.81.1-1.i386.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/news/security/index.html

   Additional documentation on this problem can be found in the
   bugtraq mailing list:

      Message-ID:
      Date: Sat, 9 May 1998 21:48:55 +0200
      Reply-To: Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT>
      Sender: Bugtraq List
      From: Tiago F P Rodrigues <11108496@LIS.ULUSIADA.PT>
      Subject: Overflows in minicom
      To: BUGTRAQ@NETSPACE.ORG

   This security fix closes Caldera's internal Problem Reports 4006 & 4060.

V. PGP Signature

   This message was signed with the PGP key for security@caldera.com.

   This key can be obtained from:

      ftp://ftp.caldera.com/pub/pgp-keys/

   Or on an OpenLinux CDROM under:

      /OpenLinux/pgp-keys/

$Id: SA-1998.20.txt,v 1.3 1998/07/24 13:03:14 rf Exp $
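
Section I attributes the overflows to a strcpy and a sprintf applied to command-line values. The following is an added example, not minicom's or Caldera's code, showing a bounded replacement for each call that rejects over-long input instead of truncating it; the buffer sizes, the function names copy_arg and build_cfg_path, and the "minirc.<name>" path layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration; not taken from the minicom source. */
#define PTY_MAX      64
#define CFG_PATH_MAX 128

/* Unsafe pattern named in the advisory, shown for contrast only:
 *     strcpy(pty, arg);   sprintf(path, "%s/minirc.%s", dir, name);
 * Neither call is told how large the destination buffer is. */

/* Bounded stand-in for strcpy on a command-line value.
 * Returns 0 on success, -1 if src (plus its NUL) does not fit in dst. */
int copy_arg(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstlen == 0) return -1;
    n = strlen(src);
    if (n >= dstlen) return -1;      /* no room for the terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded stand-in for sprintf when building a config-file path.
 * snprintf returns the length it needed, so n >= dstlen means the
 * output was cut short; treat that as an error, not a usable path. */
int build_cfg_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
    int n;
    if (dst == NULL || dir == NULL || name == NULL || dstlen == 0) return -1;
    n = snprintf(dst, dstlen, "%s/minirc.%s", dir, name);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';               /* never leave a truncated path behind */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char pty[PTY_MAX], path[CFG_PATH_MAX];
    const char *p = argc > 1 ? argv[1] : "/dev/ttyp0";   /* constructed defaults */
    const char *c = argc > 2 ? argv[2] : "dfl";
    if (copy_arg(pty, sizeof pty, p) != 0 ||
        build_cfg_path(path, sizeof path, "/etc", c) != 0) {
        fprintf(stderr, "argument too long\n");
        return 1;
    }
    printf("pty=%s config=%s\n", pty, path);
    return 0;
}
```

Failing closed matters in a program that runs with group tty privileges: a silently truncated device or file name would still be opened with those privileges.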