Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: character injecting on linux console

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 9 Dec 2001 11:40:45 -0500 (EST)
On Tue, 9 Oct 2001, Nelson Brito wrote:


I didn't remember this issue on BUGTRAQ, but I can't point it out that
this is OLD-NEWS in the wild.


Try e.g. this one:

http://security-archive.merton.ox.ac.uk/bugtraq-199804/0177.html


If you want read the ADM Crew's original issue, take a look at:
http://packetstorm.decepticons.org/groups/ADM/sploits/ADMesc


Well, they missed some other possibilities... Also, I believe it makes any
sense to exploit such vulnerabilities by hostile servers via network
clients (telnet, ssh, nc, ftp, lynx, anything that might dump server-side
responses to local console) or mail clients...

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/
Previous By Date Next
Previous By Thread Next

Current thread: