Re: Xterm bug

[wam () staff cc purdue edu (William McVey)]

mike () netsys com wrote:
> Is there any possible way the xterm bug can be exploited without
> being on a X terminal?
>
> mike () netsys com

Short answer
============
yes

Long answer   
===========
All that is needed to exploit the bug is to be able to start a local
invocation of xterm that is configured improperly.  In order for xterm
to start it needs a DISPLAY that it can access.  You don't have to be
at this display to get xterm to run.  You just need permission to open
windows on it.  Since there are many sites that (unfortunately) don't
run with authentication on their X servers, you could set your display
to be one of these remote sites, give the command line previously
mentioned, and be on your way.

 -- William McVey