Full Disclosure mailing list archives
RE: Re: Terminal Emulator Security Issues
From: "Steve Wray" <steve.wray () paradise net nz>
Date: Wed, 26 Feb 2003 09:32:07 +1300
On Monday, 24 February 2003, at 15:02:52 (-0600), H D Moore wrote:Eterm and rxvt both implement what they call the "screen dump"
[snip]
followed by the screen dump command. $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"As you noted, this is no longer possible with the current release of Eterm, which has been out for some time now. I didn't think it was exploitable until, through a discussion related to this Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=141374&archive=yes
Isn't this one of the generic problems with running the stable debian distro? It tends to get left behind. Sort of like end-of-life only undeclared... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Terminal Emulator Security Issues H D Moore (Feb 24)
- Re: Terminal Emulator Security Issues Michael Jennings (Feb 25)
- Re: Terminal Emulator Security Issues H D Moore (Feb 25)
- Re: Terminal Emulator Security Issues Michael Jennings (Feb 25)
- Re: Terminal Emulator Security Issues Horms (Feb 26)
- RE: Re: Terminal Emulator Security Issues Steve Wray (Feb 25)
- Re: Terminal Emulator Security Issues H D Moore (Feb 25)
- Re: Terminal Emulator Security Issues Michael Jennings (Feb 25)