COMMAND

    minicom

SYSTEMS AFFECTED

    Slackware 3.4

PROBLEM

    Tiago F P Rodrigues found following. It seems minicom (distributed
    with Slackware 3.4) have some overflow vulnerabilities, namely  in
    the '-p' switch and when you  pick a config file on the  arguments
    (a strcpy and a sprintf).  You may test it with:

        $ minicom -p/dev/ttyp`perl -e 'print "A" x 2500'`
           (Some garbage)
           Segmentation fault

    An examination under gdb  shows saved EIP=0x414141.   Even minicom
    is setgid uucp, the worst you can do is upset UUCP operations with
    exploit, which don't  happen here anyway,  or possibly change  the
    permissions on the dev file.   However, minicom is only sgid  uucp
    in latest RedHat & Slakware  releases, though keep in mind  if you
    rebuild minicom  from source  it will  install it  setuid root  by
    default.

SOLUTION

    A patch has  already been sent  to the upstream  maintainer. There
    should be a minicom-1.82 soon which addresses this issue.