Nmap Development mailing list archives
Ideas for Ncat output escaping?
From: David Fifield <david () bamsoftware com>
Date: Tue, 10 Mar 2009 12:28:31 -0600
Hello,

Fyodor and I were chatting using Ncat's --chat mode (formerly --talk). We were playing tricks, sending ANSI control codes to change the color of each other's screen. Changing colors is fine, but allowing arbitrary control codes is dangerous. We assume that in --chat mode the output is going to a terminal, and some terminals can be exploited by making them show certain sequences. Here's an xterm vulnerability from 2008:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383

I committed a change that does octal escaping of any nonprinting characters. Escape code shenanigans look like this:

    <user5> \033[32m

Does that look all right? I would like to disable escaping for bytes with the high bit set, to allow sending UTF-8, but I think some of those are control characters too.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
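One possible answer to the question in the message, as an added example (not Ncat's code and not the committed change): valid UTF-8 sequences pass through, while C0 controls, DEL, the C1 controls U+0080 to U+009F and any malformed high-bit byte are octal-escaped. The names `utf8_decode` and `escape_chat` are hypothetical, and the sketch assumes the caller strips the line terminator first, since newline is escaped too.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode one UTF-8 sequence at s (n >= 1 bytes available). Returns its length
   and stores the code point, or returns 0 if the bytes are not valid UTF-8. */
static size_t utf8_decode(const unsigned char *s, size_t n, unsigned long *cp)
{
    size_t len, i;
    unsigned long lo; /* smallest code point allowed for this length */

    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0) { len = 2; lo = 0x80; *cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; lo = 0x800; *cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; lo = 0x10000; *cp = s[0] & 0x07; }
    else return 0;                  /* stray continuation or invalid lead byte */
    if (len > n) return 0;          /* truncated sequence */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong forms (e.g. C0 9B for ESC), surrogates, out of range. */
    if (*cp < lo || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return len;
}

/* Escape in[0..n) into out. Returns the length written (excluding the NUL),
   or (size_t)-1 if out is too small. Backslash itself is not escaped. */
size_t escape_chat(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    size_t i = 0, o = 0, len;
    unsigned long cp;

    if (outsz == 0) return (size_t)-1;
    while (i < n) {
        len = utf8_decode(in + i, n - i, &cp);
        /* Pass printable ASCII and anything above the C1 control range. */
        if (len > 0 && ((cp >= 0x20 && cp < 0x7F) || cp >= 0xA0)) {
            if (o + len >= outsz) return (size_t)-1;
            memcpy(out + o, in + i, len);
            o += len; i += len;
        } else {
            /* Escape one byte, then resynchronise on the next byte. */
            if (o + 4 >= outsz) return (size_t)-1;
            o += (size_t)sprintf(out + o, "\\%03o", (unsigned)in[i]);
            i++;
        }
    }
    out[o] = '\0';
    return o;
}
```

Unicode format characters above U+009F, such as bidirectional overrides, are not terminal control codes and pass through this filter unchanged.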