Vulnerability Development mailing list archives

Re: terminal weirdness?

From: Damian Menscher <menscher () uiuc edu>
Date: Fri, 9 Mar 2001 11:48:08 -0600

On Fri, 9 Mar 2001, Curt Wilson wrote:

I recall a while back there was an ADM tool, a local exploit, that
used escape sequences to create dangerous command lines that got passed into
your shell -  for instance adding passwords, + + to .rhosts, and the like that
would execute with the security privs of the current user.

I forget the exact mechanism but it's seems similar to what is being
discussed
here with the VT102 string appearing in reply to the terminal type
query,and the
answer being delivered to the local shell since the remote connection had
closed.


Not sure if I'm thinking of the same thing, but I remember hearing about
using the write command to write text to root's terminal, and having it
contain control characters to do bad things.

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

Current thread:

Re: terminal weirdness?, (continued)
- - - Re: terminal weirdness? Matt Zimmerman (Mar 08)
    - Re: terminal weirdness? Crispin Cowan (Mar 09)
    - Re: terminal weirdness? Allen J. Newton (Mar 09)
    - Re: terminal weirdness? Ron DuFresne (Mar 10)
    - Re: terminal weirdness? Allen J. Newton (Mar 11)
    - Re: terminal weirdness? Matt Zimmerman (Mar 10)
  - Re: terminal weirdness? Ron DuFresne (Mar 08)
    - Re: terminal weirdness? Matt Zimmerman (Mar 08)
- Re: terminal weirdness? Vincent Zweije (Mar 08)
  - Re: terminal weirdness? Curt Wilson (Mar 09)
    - Re: terminal weirdness? Damian Menscher (Mar 09)
    - Re: terminal weirdness? Matt Zimmerman (Mar 10)
    - Re: terminal weirdness? Systems Administrator (Mar 10)
    - Re: terminal weirdness? Matt Zimmerman (Mar 10)