Vulnerability Development mailing list archives
Re: terminal weirdness?
From: Damian Menscher <menscher () uiuc edu>
Date: Fri, 9 Mar 2001 11:48:08 -0600
On Fri, 9 Mar 2001, Curt Wilson wrote:
I recall a while back there was an ADM tool, a local exploit, that used escape sequences to create dangerous command lines that got passed into your shell - for instance adding passwords, + + to .rhosts, and the like that would execute with the security privs of the current user. I forget the exact mechanism but it's seems similar to what is being discussed here with the VT102 string appearing in reply to the terminal type query,and the answer being delivered to the local shell since the remote connection had closed.
Not sure if I'm thinking of the same thing, but I remember hearing about using the write command to write text to root's terminal, and having it contain control characters to do bad things. Damian Menscher -- --==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==-- --==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==-- --==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--
Current thread:
- Re: terminal weirdness?, (continued)
- Re: terminal weirdness? Matt Zimmerman (Mar 08)
- Re: terminal weirdness? Crispin Cowan (Mar 09)
- Re: terminal weirdness? Allen J. Newton (Mar 09)
- Re: terminal weirdness? Ron DuFresne (Mar 10)
- Re: terminal weirdness? Allen J. Newton (Mar 11)
- Re: terminal weirdness? Matt Zimmerman (Mar 10)
- Re: terminal weirdness? Ron DuFresne (Mar 08)
- Re: terminal weirdness? Matt Zimmerman (Mar 08)
- Re: terminal weirdness? Curt Wilson (Mar 09)
- Re: terminal weirdness? Damian Menscher (Mar 09)
- Re: terminal weirdness? Matt Zimmerman (Mar 10)
- Re: terminal weirdness? Systems Administrator (Mar 10)
- Re: terminal weirdness? Matt Zimmerman (Mar 10)