[18405] in bugtraq
Re: Securax Advisory 13
daemon@ATHENA.MIT.EDU (Fyodor)
Tue Jan 2 19:59:43 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.31.0101021411030.15700-100000@doit.scorpions.net>
Date: Tue, 2 Jan 2001 14:19:13 -0500
Reply-To: Fyodor <fygrave@SCORPIONS.NET>
From: Fyodor <fygrave@SCORPIONS.NET>
X-To: incubus <incubus@SECURAX.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001701c07403$d18d5bc0$8656e0d5@pandora.be>
> no source code to audit. This document is subject to change
> without
> prior notice.
>
> I. Problem Description
> -----------------------
>
> when someone telnets to a unix system, the tty that will be assigned to him
> will be writable for any user on the system. However, when he is logged in,
> his tty will not be writable for all users. So if someone would write data
> to
> a tty that is currently used by someone who's logging in, that person won't
> be able to log in.
>
Wrong, he will be. Having the tty w/w is not a good thing however, you
could throw some junk on a user's screen which could mess-up terminal
settings pretty badly.
-F
--
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
