Bugtraq: Re: Wall and talkd pass binary data

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Wall and talkd pass binary data

From: Bob.Page () Eng Sun COM (Bob Page)
Date: Tue, 19 Jul 1994 19:02:58 +0800


Wow -- this was an old haq from years and years ago.  It was first
exploited by finger (putting escape sequences in your .plan).

The "talk" version is being actively exploited on IRC.  Then again,
every haq meant to annoy others is being exploited on irc.

The defense is easy: just modify talkd, walld, and your finger client
to filter control sequences other than newline and tab.  Or better
yet, disable the daemons and just make sure finger is fixed.

If you still have a terminal that supports block mode -- time to step
into the 80s and get a new terminal!

Good to see bugtraq back in action! :-)

..bob
[not connected with security-alert () sun com]

By Date By Thread

Current thread:

Re: Wall and talkd pass binary data Bob Page (Jul 19)
- Re: Wall and talkd pass binary data Craig Presson (Jul 20)
- <Possible follow-ups>
- Wall and talkd pass binary data Rob Quinn (Jul 19)
  - Flash/talkd Patrick Mcdowell (Jul 20)
    - Re: Flash/talkd Eric Wedaa (Jul 20)
  - Re: Wall and talkd pass binary data a.e.mossberg (Jul 20)