Bugtraq mailing list archives

Re: bsd in.talkd+antiflash remote-remote hole

From: bicknell () ussenterprise async vt edu (Leo Bicknell)
Date: Fri, 10 Mar 1995 13:11:44 -0500 (EST)

Modify your DNS hostfield to :

      ;any_command_you_want

Set a talk flash to the site running the in.talkd d, and guess what happens?


        Flash is such a wonderful tool.  I submitted a patch to the
NetBSD people which got forwarded to some of the BSD (4.4lite?)
people.  I'm not sure what it's in.  Basically I added a check to make
sure each charactor in whatever the other end gave us "isprint()"able,
and if it's not turn it into a space.  This removes the ESC charactor
from flash strings, rendering flash usless.

        When you get data from a possibly untrustworthy source you
need to be careful about what you do with it.

-- 
Leo Bicknell - bicknell () vt edu                     | Make a little birdhouse
               bicknell () csugrad cs vt edu          | in your soul......
               bicknell () ussenterprise async vt edu | They Might
http://ussenterprise.async.vt.edu/~bicknell/       | Be Giants

Current thread:

bsd in.talkd+antiflash remote-remote hole Julian Assange (Mar 10)
- Re: bsd in.talkd+antiflash remote-remote hole Leo Bicknell (Mar 10)
- <Possible follow-ups>
- bsd in.talkd+antiflash remote-remote hole Mikael Simovits (Mar 10)
- Re: bsd in.talkd+antiflash remote-remote hole Julian Assange (Mar 11)