Bug 615996 (CVE-2017-7467) - <net-dialup/minicom-2.7.1: Remote code exploit possibility
Summary: <net-dialup/minicom-2.7.1: Remote code exploit possibility
Status: RESOLVED FIXED
Alias: CVE-2017-7467
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa cve glsa cleanup]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2017-04-19 08:35 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2018-07-28 18:14 UTC

See Also:
Package list:
=net-dialup/minicom-2.7.1 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-04-19 08:35:03 UTC
From $URL:
This is to announce a vulnerability that has just been fixed in minicom
2.7.1 released earlier today, and that had been found and fixed in
derived code in prl-vzvncserver (a Virtuozzo 7 component) earlier this
year.  minicom 2.7.1 is available for download at:
...
At least in the Fedora 23 package of minicom, this lets me adjust or
replace the termout function pointer.  If the variables were put in .bss
in the other order (perhaps by a different compiler), then ptr could be
overwritten, which is likely also exploitable.
...
As you can see, I am able to control the address to branch to.  Moreover,
on typical 64-bit little-endian there's partial ASLR (PIE) bypass due to
ability to keep most significant 32 bits of the function pointer intact.

Thus, this bug likely allows for remote code execution.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-04-19 22:50:03 UTC
This is a new 2.7.1 available at:
https://alioth.debian.org/frs/download.php/latestfile/3/minicom-2.7.1.tar.gz
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-04-21 16:20:28 UTC
Arches, please stabilize
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2017-04-22 13:19:45 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2017-04-23 10:32:41 UTC
amd64 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2017-04-24 12:45:18 UTC
Stable on alpha.
Comment 6 Agostino Sarubbo gentoo-dev 2017-04-27 10:42:03 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-04-27 11:28:57 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2017-04-29 15:05:56 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2017-04-30 09:39:55 UTC
ppc64 stable
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2017-04-30 12:21:04 UTC
Remaining arches are not part of security supported architectures, please stabilize when you have a chance. 
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 11 Markus Meier gentoo-dev 2017-05-04 20:03:25 UTC
arm stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 20:05:25 UTC
This issue was resolved and addressed in
 GLSA 201706-13 at https://security.gentoo.org/glsa/201706-13
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2018-07-28 18:14:29 UTC
commit bcaa18957c06935a5b13e654bb619fdfecb70751
Author: Tim Harder <radhermit@gentoo.org>
Date:   Thu Oct 12 00:40:27 2017 -0500

    net-dialup/minicom: stabilize 2.7.1