Date: Thu, 10 Sep 1998 18:18:41 +0200 (CEST) From: Mikael Karpberg <karpen@ocean.campus.luth.se> To: netadmin@fastnet.co.uk (Jay Tribick) Cc: freebsd-security@FreeBSD.ORG Subject: Re: Err.. cat exploit.. (!) Message-ID: <199809101618.SAA10499@ocean.campus.luth.se> In-Reply-To: <Pine.BSF.3.96.980910115926.408V-100000@bofh.fast.net.uk> from Jay Tribick at "Sep 10, 98 12:07:05 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
According to Jay Tribick: > bofh$ cat sendmail.st > `ay5habf33*`ma}`)`Jj]: Jsu-2.01$ xtermxterm > su: xtermxterm: command not found > bofh$ > > This seems quite scarey to me, couldn't someone embed 'rm -rf /' > within a text file and then, if root cats the file it nukes > their system? I'm not completely clear on what that is, but I've seen it also. What I _am_ completely clear about is that it's got nothing to do with cat, and instead everything to do with xterm. I guess it's some code sequence that comes up that makes xterm do something. Kinda like the code that sets the xterm title. /Mikael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809101618.SAA10499>