Bugtraq mailing list archives
Re: bsd in.talkd+antiflash remote-remote hole
From: bicknell () ussenterprise async vt edu (Leo Bicknell)
Date: Fri, 10 Mar 1995 13:11:44 -0500 (EST)
> Modify your DNS hostfield to :
> ;any_command_you_want
> Set a talk flash to the site running the in.talkd d, and guess what happens?
Flash is such a wonderful tool. I submitted a patch to the NetBSD people which got forwarded to some of the BSD (4.4lite?) people. I'm not sure what it's in. Basically I added a check to make sure each character in whatever the other end gave us is "isprint()"able, and if it's not, turn it into a space. This removes the ESC character from flash strings, rendering flash useless.

When you get data from a possibly untrustworthy source you need to be careful about what you do with it.

--
Leo Bicknell - bicknell () vt edu            | Make a little birdhouse
bicknell () csugrad cs vt edu                | in your soul......
bicknell () ussenterprise async vt edu       | They Might
http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants
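The filter described in the reply above, sketched as an added example (not the patch submitted to NetBSD and not code from this thread): every byte that fails isprint() becomes a space, which removes ESC from a flash string. The function names and sample strings are assumptions constructed here; hostname_is_plain goes one step beyond the message, because the hostname in the report being replied to is built from printable characters that isprint() passes through.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Replace every byte that is not isprint() with a space, in place.
 * Returns the number of bytes replaced. The cast to unsigned char avoids
 * undefined behaviour when char is signed and the byte is >= 0x80. */
size_t sanitize_printable(char *s)
{
    size_t replaced = 0;
    for (; *s != '\0'; s++) {
        if (!isprint((unsigned char)*s)) {
            *s = ' ';
            replaced++;
        }
    }
    return replaced;
}

/* Stricter check for a field that is supposed to hold a hostname:
 * accept only letters, digits, '-' and '.'. Returns 1 if acceptable.
 * (Hypothetical helper, added for this example.) */
int hostname_is_plain(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: a caller name carrying an ESC-led sequence. */
    char caller[] = "guest\033[2Jx";
    size_t n = sanitize_printable(caller);
    printf("replaced %zu byte(s): \"%s\"\n", n, caller);

    /* Constructed samples: a plain name and one with a shell metacharacter. */
    printf("plain: %d, metachar: %d\n",
           hostname_is_plain("host.example.org"),
           hostname_is_plain(";placeholder"));
    return 0;
}
```

The printable filter neutralises terminal control sequences only; a value that is later handed to a shell needs the allow-list check (or no shell at all).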