Bugtraq mailing list archives

Re: Securax Advisory 13

From: Fyodor <fygrave () SCORPIONS NET>
Date: Tue, 2 Jan 2001 14:19:13 -0500

      no  source  code  to audit.  This document is subject to change
without
      prior notice.

I.  Problem Description
-----------------------

when someone telnets to a unix system, the tty that will be assigned to him
will be writable for any user on the system. However, when he is logged in,
his tty will not be writable for all users. So if someone would write data
to
a tty that is currently used by someone who's logging in, that person won't
be able to log in.


Wrong, he will be. Having the tty w/w is not a good thing however, you
could throw some junk on a user's screen which could mess-up terminal
settings pretty badly.


-F

--
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1

Current thread:

Securax Advisory 13 incubus (Jan 02)
- Re: Securax Advisory 13 Fyodor (Jan 02)
- Re: Securax Advisory 13 Michal Zalewski (Jan 02)
- Re: Securax Advisory 13 Arturo Busleiman (Jan 03)
- <Possible follow-ups>
- Re: Securax Advisory 13 teleh0r (Jan 03)
  - Re: Securax Advisory 13 Jarno Huuskonen (Jan 03)