Bugtraq mailing list archives
Re: Wall and talkd pass binary data
From: Bob.Page () Eng Sun COM (Bob Page)
Date: Tue, 19 Jul 1994 19:02:58 +0800
Wow -- this was an old haq from years and years ago. It was first exploited by finger (putting escape sequences in your .plan). The "talk" version is being actively exploited on IRC. Then again, every haq meant to annoy others is being exploited on irc. The defense is easy: just modify talkd, walld, and your finger client to filter control sequences other than newline and tab. Or better yet, disable the daemons and just make sure finger is fixed. If you still have a terminal that supports block mode -- time to step into the 80s and get a new terminal! Good to see bugtraq back in action! :-) ..bob [not connected with security-alert () sun com]
Current thread:
- Re: Wall and talkd pass binary data Bob Page (Jul 19)
- Re: Wall and talkd pass binary data Craig Presson (Jul 20)
- <Possible follow-ups>
- Wall and talkd pass binary data Rob Quinn (Jul 19)
- Flash/talkd Patrick Mcdowell (Jul 20)
- Re: Flash/talkd Eric Wedaa (Jul 20)
- Re: Wall and talkd pass binary data a.e.mossberg (Jul 20)
- Flash/talkd Patrick Mcdowell (Jul 20)
- Re: Wall and talkd pass binary data Martin Sean Bennet - Sun UK - CSG Engineer (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 20)
- Re: Sending escape sequences to xterms via wall/talk Andrew Beckett (Jul 21)
- setuid root programs and core dumps Rob Quinn (Jul 21)
- Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)