Re: Hahahaha

[H D Moore <hdm-daily-dave () digitaloffense net>]

Tell me about it. Supposedly someone at the Shmoo Group discovered that 
msfconsole/msfcli doesn't strip terminal escape characters. Sad part is 
the vulnerabilities they reference are they ones that I found in the 
first place and *documented* in ./docs/SECURITY and the user guide...

( http://metasploit.com/projects/Framework/documentation.html#Security )
----
- We recommend that you use a robust, secure terminal emulator when
 utilizing the command-line interfaces. Please see the references at the
 bottom of this document for more information.

Terminal Emulator Security Issues
 http://www.digitaldefense.net/labs/papers/Termulation.txt
----

I didn't get a chance to see the talk, so if this is completely off base, 
someone correct me. I still haven't seen an email from Brian Caswell or 
any @shmoo.org address about it. In other news, Dino Dai Zovi actually 
found a *real* security hole in msfweb, more information can be found 
online at http://metasploit.com/archive/framework/msg00469.html

-HD

On Tuesday 02 August 2005 00:28, Dave Aitel wrote:
> http://www.securityfocus.com/bid/14446/info
> Immunity CANVAS Unspecified Remote Vulnerability
>
> *Advisories:*
> *References:*
>
>     * CANVAS Home Page
>       <http://www.immunitysec.com/products-canvas.shtml> (Immunity
> Inc.) * DefCon Day 2: Patching Your Hacker Toolkit
>      
> <http://blogs.washingtonpost.com/securityfix/2005/07/patching_your_e.ht
> ml> (Washington Post)
>
> -dave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave