J-Security Center

Title: Minicom XModem Format String Vulnerability

Severity: MODERATE

Description:

Minicom is a serial communication utility, often used to simplify dialup connections for UNIX hosts. It is included with many popular UNIX and UNIX derivative operating systems, and is a clone of the original Telix program for MS-DOS.

A problem in the xmodem function of the software package makes it possible for local users to gain elevated privileges. This could result in further compromise, including root access.

The problem lies in minicom's handling of format strings. When a user requests a file transfer via xmodem, minicom attempts to send the file over the serial connection. The file can be any file on the local system that is read-accessible by the minicom user.

An attempt to transfer a file whose name begins with a format identifier creates a condition in which a format string attack can occur. The problem code has been identified in the source files updown.c and common.c, involving the function do_log().
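The bug class described above, shown beside its fix. This is an added example, not minicom's source: log_line() is a hypothetical stand-in for do_log(), the two caller functions are illustrative, and the file name is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for minicom's do_log().
 * It writes to a buffer instead of a log file so the result can be inspected.
 * Declaring it with __attribute__((format(printf, 3, 4))) lets GCC/Clang
 * -Wformat-security flag the call in log_upload_vulnerable(). */
static void log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the message containing the file name IS the format. */
void log_upload_vulnerable(char *out, size_t n, const char *filename)
{
    char msg[256];
    snprintf(msg, sizeof msg, "xmodem upload: %s", filename);
    log_line(out, n, msg);      /* msg is parsed again for % conversions */
}

/* Hardened pattern: constant format, file name passed only as data. */
void log_upload_fixed(char *out, size_t n, const char *filename)
{
    log_line(out, n, "xmodem upload: %s", filename);
}

int main(void)
{
    /* Constructed file name. "%%" is the one conversion that consumes no
     * argument, so the vulnerable path stays well-defined while still
     * showing that the name was interpreted rather than copied. */
    const char *name = "%%report.txt";
    char a[256], b[256];

    log_upload_vulnerable(a, sizeof a, name);
    log_upload_fixed(b, sizeof b, name);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    return 0;
}
```

The vulnerable path logs a different string than the file name it was given, which is the observable sign that user-controlled text reached the format argument; the fixed path logs the name byte for byte.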

This vulnerability can result in privileges elevated to EGID uucp, with the potential to gain root access.

Caldera Systems reports that OpenLinux does not permit exploitation of this vulnerability to yield root privilege to the attacker.

Affected Products:

  • Caldera OpenLinux 2.4.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • RedHat Linux 6.2.0
  • RedHat Linux 7.0.0
  • S.u.S.E. Linux 6.2.0
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 7.0.0
  • S.u.S.E. Linux 7.1.0
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.1
  • Slackware Linux 7.0.0
  • Slackware Linux 7.1.0
  • minicom minicom 1.82.1
  • minicom minicom 1.83.0.0
  • minicom minicom 1.83.1
