Date: Thu, 10 Sep 1998 12:06:20 -0700 (PDT) From: Steve Reid <sreid@alpha.sea-to-sky.net> To: Jay Tribick <netadmin@fastnet.co.uk> Cc: security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <Pine.LNX.3.95.iB1.0.980910114626.20558A-100000@alpha.sea-to-sky.net> In-Reply-To: <Pine.BSF.3.96.980910174455.1831g-100000@bofh.fast.net.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Sep 1998, Jay Tribick wrote: > cat the file INSTALL to find out what you need to do - it would be > relatively simple to embed a command in there to just rm -rf / & your > hd! steve@BitBucket:/home/steve% cat /dev/urandom [barf] ^C steve@BitBucket:/home/steve% 1;2cxterm1;2cxterm1;2cxterm1;2c1;2cx term1;2c1;2cxterm1;2c1;2c I tried it several times and I couldn't get it to produce anything other than "1;2c" and "xterm", although it did completely freeze my xterm once (scrollbars didn't even work). It never seemed to embed an enter character. I have, on occasion, cat'ed a file and seen the "zsh: command not found: xtermxtermxterm" but I think that was caused by me typing ahead without noticing the extra garbage on the command line. In any case, it looks like the worst that could happen is that a binary named with some combination of those strings could be exectued, IF IT IS IN YOUR PATH. I can't think of any "evil" command that can be built using just those strings. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.iB1.0.980910114626.20558A-100000>