Re: Wall and talkd pass binary data

Bob.PageEng.Sun.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Patrick Mcdowell: "Flash/talkd"
• Previous message: Scott D. Yelich: "Re: rpc.cmsd?"
• Maybe in reply to: Rob Quinn: "Wall and talkd pass binary data"
• Next in thread: Craig Presson: "Re: Wall and talkd pass binary data"

Wow -- this was an old haq from years and years ago.  It was first
exploited by finger (putting escape sequences in your .plan).

The "talk" version is being actively exploited on IRC.  Then again,
every haq meant to annoy others is being exploited on irc.

The defense is easy: just modify talkd, walld, and your finger client
to filter control sequences other than newline and tab.  Or better
yet, disable the daemons and just make sure finger is fixed.

If you still have a terminal that supports block mode -- time to step
into the 80s and get a new terminal!

Good to see bugtraq back in action! :-)

..bob
[not connected with security-alertsun.com]

• Next message: Patrick Mcdowell: "Flash/talkd"
• Previous message: Scott D. Yelich: "Re: rpc.cmsd?"
• Maybe in reply to: Rob Quinn: "Wall and talkd pass binary data"
• Next in thread: Craig Presson: "Re: Wall and talkd pass binary data"