[10748] in bugtraq
Re: RedHat 6.0, /dev/pts permissions bug when using xterm
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Tue Jun 8 13:13:49 1999
Mime-Version: 1.0
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1644654370P"; micalg=pgp-md5;
protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <199906071810.d57IAq036072@black-ice.cc.vt.edu>
Date: Mon, 7 Jun 1999 14:10:52 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To: noc-wage <wage@IDIRECT.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sun, 06 Jun 1999 19:15:05 -0000."
<375AC8B8.EE68F0C3@idirect.ca>
--==_Exmh_1644654370P
Content-Type: text/plain; charset=us-ascii
On Sun, 06 Jun 1999 19:15:05 -0000, noc-wage <wage@IDIRECT.CA> said:
> This isn't a particularily "deadly" DoS attack, but can be used as a
> nuisance OR perhaps even to trick the user into doing something he may
> not want to do. (For example dumping "Login:" then "Password:" to the
> terminal may trick the user into adding his login/password to a file or
> to
> his .bash_history).
It's deadly as they come.
Man. It was way back in 1983 or so when I first saw the wonders of discarding
your control terminal, opening a tty to make it your control terminal, and
then start abusing the TIOCSTI ioctl(). No exploit here - this is so old
that you should be able to find it ANYPLACE. ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_1644654370P
Content-Type: application/pgp-signature
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
iQCVAwUBN1wLK9QBOOoptg9JAQFuGgP/ZNK3B7TxsW1rrCmmJqhuQnvr0rOU4hOq
p0lJnZPl3F3ME1ABMmerFl73snZapATnZLNPiAUrZNVTHpUQywVBanBUNYCIql44
sNbESNfxp0KY8HinFDjFUP6qQFtzVFtoO36mhlTVKFzNBGYqxEA2P17nJvjEWies
Jjl8E7jIMzg=
=Kx99
-----END PGP MESSAGE-----
--==_Exmh_1644654370P--