Minicom XModem Format String Vulnerability

Minicom is a serial communication utility, often used to simplify dialup connections for UNIX hosts. It is included with many popular UNIX and UNIX derivative operating systems, and is a clone of the original Telix program for MS-DOS.

A problem in the design of the software makes it vulnerable to a format string attack. By executing the software, and attempting to send a file via xmodem with a format identifier in the name, it is possible exploit this format string vulnerability.

This makes it possible for a local user to gain an elevation of privileges equal to uucp.

Caldera Systems reports that OpenLinux does not permit exploitation of this vulnerability to yield root privilege to the attacker.


Privacy Statement
Copyright 2010, SecurityFocus