Support / Sécurité / Annonces de sécurité / Corporate Server 1.0.1 / MDKSA-2001:051

Nom du paquet: minicom
Date: 2001-05-10
Advisory ID: MDKSA-2001:051
Affected versions: 8.0 i586 , 7.2 i586 , 7.1 i586 , CS1.0 i586

Problem description

Several format string vulnerabilities exist in the minicom program. These bugs can be exploited to obtain group uucp privilege. A simple fix is to simply remove the setgid bit on /usr/bin/minicom, however these new packages introduce some fixes for the vulnerabilties through a patch from Red Hat, and also strip the setgid bit.

Updated packages

8.0 i586

 d7a4e76ac4590a335df65145a5160652  8.0/RPMS/minicom-1.83.1-6.1mdk.i586.rpm
56ea4ba4b7b89eb265cb394876ed365d  8.0/SRPMS/minicom-1.83.1-6.1mdk.src.rpm

7.2 i586

 0fc056ca6af11e35c620239c8a2c449e  7.2/RPMS/minicom-1.83.1-3.1mdk.i586.rpm
8d75daa644c9e2d49d6b292c86a802d9  7.2/SRPMS/minicom-1.83.1-3.1mdk.src.rpm

7.1 i586

 299c307031d3bf291e8c69417f478b78  7.1/RPMS/minicom-1.83.1-3.2mdk.i586.rpm
37356fbff29a5dbec4c7061092c1602e  7.1/SRPMS/minicom-1.83.1-3.2mdk.src.rpm

CS1.0 i586

 299c307031d3bf291e8c69417f478b78  1.0.1/RPMS/minicom-1.83.1-3.2mdk.i586.rpm
37356fbff29a5dbec4c7061092c1602e  1.0.1/SRPMS/minicom-1.83.1-3.2mdk.src.rpm

References

http://www.securityfocus.com/frames/?content=/vdb/bottom.html?vid=2681