From owner-freebsd-security Fri Sep 11 02:51:29 1998
From: ark@eltex.ru
Date: Fri, 11 Sep 1998 13:50:28 +0400
Message-Id: <199809110950.NAA04779@paranoid.eltex.spb.ru>
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: cat exploit
To: sreid@alpha.sea-to-sky.net
Cc: netadmin@fastnet.co.uk, security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

nuqneH,

Can't remember exact control sequences details but afair it is possible
for xterm to
a) set window title to whatever you want
b) get it back as a response.

Steve Reid said :
> I tried it several times and I couldn't get it to produce anything
> other than "1;2c" and "xterm", although it did completely freeze my
> xterm once (scrollbars didn't even work).
>
> It never seemed to embed an enter character. I have, on occasion, cat'ed
> a file and seen the "zsh: command not found: xtermxtermxterm" but I
> think that was caused by me typing ahead without noticing the extra
> garbage on the command line.
>
> In any case, it looks like the worst that could happen is that a binary
> named with some combination of those strings could be executed, IF IT IS
> IN YOUR PATH. I can't think of any "evil" command that can be built
> using just those strings.

/Arkan#iD
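A defensive illustration of the behaviour discussed in this thread, added here and not part of the original message: a pre-display check that flags byte sequences which set the terminal title or make the terminal write a reply into the shell's input, plus a rendering that shows control bytes instead of sending them to the terminal. The names `PATTERNS`, `scan`, `visible` and `SAMPLE` are this example's own, and the sample bytes are constructed.

```python
import re

# Sequences that set the window title or make a terminal emulator write a
# reply into the shell's input. Patterns follow xterm's documented control
# sequences; the category names are this example's own.
PATTERNS = [
    ("set-title", re.compile(rb"\x1b\][012];[^\x07\x1b]*(?:\x07|\x1b\\)")),
    ("report-title", re.compile(rb"\x1b\[2[01]t")),       # CSI 20 t / CSI 21 t
    ("device-attrs", re.compile(rb"\x1b\[[>=]?0?c")),     # reply e.g. ESC [ ? 1 ; 2 c
    ("status-report", re.compile(rb"\x1b\[\??[0-9]*n")),  # DSR queries
    ("answerback", re.compile(rb"\x05")),                 # ENQ
]

def scan(data: bytes):
    """Return sorted (offset, category) pairs for each flagged sequence."""
    hits = []
    for name, rx in PATTERNS:
        hits += [(m.start(), name) for m in rx.finditer(data)]
    return sorted(hits)

def visible(data: bytes) -> str:
    """Render in the spirit of `cat -v`: control bytes become ^X and bytes
    >= 0x80 (including 8-bit C1 introducers, which scan() does not classify)
    become \\xNN, so the terminal interprets nothing."""
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append("\\x%02x" % b)
    return "".join(out)

# Constructed sample: a "text file" that sets a harmless title, asks for the
# title to be reported back, then sends a Device Attributes query.
SAMPLE = b"hello\n\x1b]2;demo-title\x07\x1b[21t\x1b[c\nbye\n"

if __name__ == "__main__":
    for offset, name in scan(SAMPLE):
        print(f"offset {offset}: {name}")
    print(visible(SAMPLE), end="")
```

Viewing untrusted files with `cat -v` or a pager that does not pass raw control characters gives the same protection as `visible()`.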