Nmap Development mailing list archives

Ideas for Ncat output escaping?


From: David Fifield <david () bamsoftware com>
Date: Tue, 10 Mar 2009 12:28:31 -0600

Hello,

Fyodor and I were chatting using Ncat's --chat mode (formerly --talk).
We were playing tricks, sending ANSI control codes to change the color
of each other's screen. Changing colors is fine, but allowing arbitrary
control codes is dangerous. We assume that in --chat mode the output is
going to a terminal, and some terminals can be exploited by making them
show certain sequences. Here's an xterm vulnerability from 2008:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383

I committed a change that does octal escaping of any nonprinting
characters. Escape code shenanigans look like this:

<user5> \033[32m

Does that look all right? I would like to disable escaping for bytes
with the high bit set, to allow sending UTF-8, but I think some of those
are control characters too.

David Fifield
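
The question above, as an added example (not part of the original message and not Ncat's own code): octal-escape nonprinting bytes as described, pass well-formed UTF-8 through, and still escape the C1 control range U+0080 to U+009F, which UTF-8 encodes as 0xC2 0x80 to 0xC2 0x9F. The names `utf8_len` and `escape_chat` are hypothetical, and escaping newlines (leaving line framing to the caller) is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n bytes available), or 0.
 * Rejects overlong forms, surrogates and values above U+10FFFF. */
static size_t utf8_len(const unsigned char *s, size_t n, unsigned long *cp)
{
    size_t len, i;
    unsigned long min;
    if (s[0] >= 0xC2 && s[0] <= 0xDF) { len = 2; *cp = s[0] & 0x1F; min = 0x80; }
    else if ((s[0] & 0xF0) == 0xE0)   { len = 3; *cp = s[0] & 0x0F; min = 0x800; }
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) { len = 4; *cp = s[0] & 0x07; min = 0x10000; }
    else return 0;                    /* stray continuation or invalid lead */
    if (len > n) return 0;            /* truncated sequence */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    if (*cp < min || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF)) return 0;
    return len;
}

/* Escape in[0..n) into out. Returns the length written (without the NUL),
 * or (size_t)-1 if out is too small. */
size_t escape_chat(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    size_t i = 0, o = 0, len;
    unsigned long cp = 0;
    if (outsz == 0) return (size_t)-1;
    while (i < n) {
        if (o + 5 > outsz) return (size_t)-1;  /* worst case: 4 bytes + NUL */
        if (in[i] >= 0x20 && in[i] < 0x7F) {   /* printable ASCII */
            out[o++] = (char)in[i++];
        } else if (in[i] >= 0x80 && (len = utf8_len(in + i, n - i, &cp)) > 0
                   && cp > 0x9F) {             /* valid UTF-8, not a C1 control */
            memcpy(out + o, in + i, len); o += len; i += len;
        } else {                               /* C0, DEL, C1, malformed bytes */
            o += (size_t)sprintf(out + o, "\\%03o", (unsigned)in[i++]);
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    char buf[64];
    /* Constructed sample: UTF-8 text, an ESC color code, a UTF-8-encoded C1 CSI. */
    const unsigned char msg[] = "caf\xc3\xa9 \033[32m \xc2\x9b" "32m";
    if (escape_chat(msg, sizeof msg - 1, buf, sizeof buf) != (size_t)-1)
        printf("<user5> %s\n", buf);
    return 0;
}
```

A raw 0x9B byte, which an 8-bit terminal treats as CSI, is not valid UTF-8 on its own and is escaped as well.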
