oss-sec mailing list archives
Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences
From: Dave Horsfall <dave () horsfall org>
Date: Tue, 24 Mar 2015 16:07:40 +1100 (EST)
On Mon, 23 Mar 2015, Kurt Seifried wrote:
So this one is pretty hard to cause exploitation without heavy social engineering/etc.
Back when I was fooling around with such things in the 80s, I found that not only could I program the function keys on an emulator, I could also execute them... Dunno whether this is still the case. I seem to recall something like "FORMAT C: /YES" or similar. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Current thread:
- CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Kurt Seifried (Mar 23)
- Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Dave Horsfall (Mar 23)
- Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Florian Weimer (Mar 24)