Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Mar 2015 16:07:40 +1100 (EST)
From: Dave Horsfall <dave@...sfall.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE-2014-8166 cups: code execution via unescape
 ANSI escape sequences

On Mon, 23 Mar 2015, Kurt Seifried wrote:

> So this one is pretty hard to cause exploitation without heavy social 
> engineering/etc.

Back when I was fooling around with such things in the 80s, I found that 
not only could I program the function keys on an emulator, I could also 
execute them...  Dunno whether this is still the case.

I seem to recall something like "FORMAT C: /YES" or similar.

-- 
Dave Horsfall DTM (VK2KFU)   "Those who don't understand security will suffer."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ