Full Disclosure mailing list archives

Re: Terminal Emulator Security Issues
From: Pavel Machek <pavel () suse cz>
Date: Sun, 2 Mar 2003 21:50:29 +0100

Hi!

TERMINAL EMULATOR SECURITY ISSUES
Copyright  2003 Digital Defense Incorporated

I played a related joke on my friends,
telling them to 

telnet host 1234

and login with

secret
#r_f#_m -r _g_/

(of course it set the terminal to black/black
and disconnected after printing "Password:".)

Not permitting black-on-black-type
color combinations should help this.

Also terminals have various answerback
sentences. On localhost it is easy to
exploit any such thing.

(Create README file and xtermls executable
in some directory. Make README ask
xterm for answerback and hope user
will do ls after cat-ing README. Ouch.)
                                Pavel 

-- 
                                Pavel
Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
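
A defensive check for the two tricks mentioned in this message, as an added example that is not part of the original post: it scans untrusted bytes for a colour setting whose foreground equals its background and for an ENQ (0x05) answerback request, and renders control bytes visibly instead of letting the terminal interpret them. The function names and the sample bytes are constructed for illustration.

```python
import re

SGR = re.compile(rb"\x1b\[([0-9;]*)m")   # ESC [ params m  (colour/attribute setting)
ENQ = b"\x05"                            # asks the terminal to send its answerback string

def scan(data: bytes) -> list[str]:
    """Report suspicious terminal controls in untrusted bytes (file, banner, log)."""
    findings = []
    if ENQ in data:
        findings.append("answerback request (ENQ)")
    fg = bg = None                       # None = terminal default, unknown to us
    for m in SGR.finditer(data):
        params = iter(int(p) if p else 0 for p in m.group(1).split(b";"))
        for p in params:
            if p in (38, 48):            # extended colour: skip its arguments, not tracked
                for _ in range({5: 1, 2: 3}.get(next(params, None), 0)):
                    next(params, None)
            elif p == 0:
                fg = bg = None           # reset all attributes
            elif 30 <= p <= 37:
                fg = p - 30
            elif 40 <= p <= 47:
                bg = p - 40
            elif p == 39:
                fg = None
            elif p == 49:
                bg = None
        # Only explicit pairs are caught; black text on a default-black
        # background cannot be detected without knowing the terminal's defaults.
        if fg is not None and fg == bg:
            findings.append(f"foreground equals background (colour {fg}) at offset {m.start()}")
    return findings

def visible(data: bytes) -> str:
    """Caret notation for control bytes (like cat -v), so nothing is interpreted."""
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        else:
            out.append("^?" if b == 0x7F else f"\\x{b:02x}")
    return "".join(out)

# Constructed sample: a fake prompt that hides typed text, then a file body with ENQ.
SAMPLE = b"Password: \x1b[30;40m" + b"\nREADME text\x05\n"

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(visible(SAMPLE))
```
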

