Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 615996 (CVE-2017-7467) - <net-dialup/minicom-2.7.1: Remote code exploit possibility
Summary: <net-dialup/minicom-2.7.1: Remote code exploit possibility
Status: RESOLVED FIXED
Alias: CVE-2017-7467
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa cve glsa cleanup]
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2017-04-19 08:35 UTC by Kristian Fiskerstrand
Modified: 2018-07-28 18:14 UTC (History)
1 user (show)

See Also:
Package list:
=net-dialup/minicom-2.7.1 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand gentoo-dev Security 2017-04-19 08:35:03 UTC
From $URL:
This is to announce a vulnerability that has just been fixed in minicom
2.7.1 released earlier today, and that had been found and fixed in
derived code in prl-vzvncserver (a Virtuozzo 7 component) earlier this
year.  minicom 2.7.1 is available for download at:
...
At least in the Fedora 23 package of minicom, this lets me adjust or
replace the termout function pointer.  If the variables were put in .bss
in the other order (perhaps by a different compiler), then ptr could be
overwritten, which is likely also exploitable.
...
As you can see, I am able to control the address to branch to.  Moreover,
on typical 64-bit little-endian there's partial ASLR (PIE) bypass due to
ability to keep most significant 32 bits of the function pointer intact.

Thus, this bug likely allows for remote code execution.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-19 22:50:03 UTC
This is a new 2.7.1 available at:
https://alioth.debian.org/frs/download.php/latestfile/3/minicom-2.7.1.tar.gz
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2017-04-21 16:20:28 UTC
Arches, please stabilize
Comment 3 Jeroen Roovers gentoo-dev 2017-04-22 13:19:45 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2017-04-23 10:32:41 UTC
amd64 stable
Comment 5 Tobias Klausmann gentoo-dev 2017-04-24 12:45:18 UTC
Stable on alpha.
Comment 6 Agostino Sarubbo gentoo-dev 2017-04-27 10:42:03 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-04-27 11:28:57 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2017-04-29 15:05:56 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2017-04-30 09:39:55 UTC
ppc64 stable
Comment 10 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-30 12:21:04 UTC
Remaining arches are not part of security supported architectures, please stabilize when you have a chance. 
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 11 Markus Meier gentoo-dev 2017-05-04 20:03:25 UTC
arm stable
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2017-06-06 20:05:25 UTC
This issue was resolved and addressed in
 GLSA 201706-13 at https://security.gentoo.org/glsa/201706-13
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 13 Sergei Trofimovich gentoo-dev 2018-07-28 18:14:29 UTC
commit bcaa18957c06935a5b13e654bb619fdfecb70751
Author: Tim Harder <radhermit@gentoo.org>
Date:   Thu Oct 12 00:40:27 2017 -0500

    net-dialup/minicom: stabilize 2.7.1