RE: [Full-Disclosure] Re: Terminal Emulator Security Issues

From: Steve Wray (steve.wrayat_private)
Date: Tue Feb 25 2003 - 12:32:07 PST

Next message: @stake Advisories: "Nokia 6210 DoS SMS Issue"

Previous message: Michael Walton: "[sorcerer-spells] ZLIB-SORCERER2003-02-25"
In reply to: Michael Jennings: "[Full-Disclosure] Re: Terminal Emulator Security Issues"
Next in thread: Michael Jennings: "Re: Terminal Emulator Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Monday, 24 February 2003, at 15:02:52 (-0600),
> H D Moore wrote:
> 
> > Eterm and rxvt both implement what they call the "screen dump"
[snip]
> > followed by the screen dump command.
> > 
> > $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"
> 
> As you noted, this is no longer possible with the current release of
> Eterm, which has been out for some time now.  I didn't think it was
> exploitable until, through a discussion related to this Debian bug:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=141374&archive=yes

Isn't this one of the generic problems with running the stable
debian distro? It tends to get left behind. Sort of like end-of-life
only undeclared...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: @stake Advisories: "Nokia 6210 DoS SMS Issue"
Previous message: Michael Walton: "[sorcerer-spells] ZLIB-SORCERER2003-02-25"
In reply to: Michael Jennings: "[Full-Disclosure] Re: Terminal Emulator Security Issues"
Next in thread: Michael Jennings: "Re: Terminal Emulator Security Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 13:12:06 PST