Re: character injecting on linux console
From: Michal Zalewski (lcamtuf@coredump.cx)Date: 12/09/01
- Previous message: Nelson Brito: "Re: character injecting on linux console"
- In reply to: Nelson Brito: "Re: character injecting on linux console"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: character injecting on linux console"
- Next in thread: Robert van der Meulen: "Re: character injecting on linux console"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 9 Dec 2001 11:40:45 -0500 (EST) From: Michal Zalewski <lcamtuf@coredump.cx> To: Nelson Brito <nelson@tw-award.com>
On Tue, 9 Oct 2001, Nelson Brito wrote:
> I didn't remember this issue on BUGTRAQ, but I can't point it out that
> this is OLD-NEWS in the wild.
Try e.g. this one:
http://security-archive.merton.ox.ac.uk/bugtraq-199804/0177.html
> If you want read the ADM Crew's original issue, take a look at:
> http://packetstorm.decepticons.org/groups/ADM/sploits/ADMesc
Well, they missed some other possibilities... Also, I believe it makes any
sense to exploit such vulnerabilities by hostile servers via network
clients (telnet, ssh, nc, ftp, lynx, anything that might dump server-side
responses to local console) or mail clients...
-- _____________________________________________________ Michal Zalewski [lcamtuf@bos.bindview.com] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/
- Previous message: Nelson Brito: "Re: character injecting on linux console"
- In reply to: Nelson Brito: "Re: character injecting on linux console"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: character injecting on linux console"
- Next in thread: Robert van der Meulen: "Re: character injecting on linux console"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
