Date: Tue, 24 Mar 2015 16:07:40 +1100 (EST) From: Dave Horsfall <dave@...sfall.org> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences On Mon, 23 Mar 2015, Kurt Seifried wrote: > So this one is pretty hard to cause exploitation without heavy social > engineering/etc. Back when I was fooling around with such things in the 80s, I found that not only could I program the function keys on an emulator, I could also execute them... Dunno whether this is still the case. I seem to recall something like "FORMAT C: /YES" or similar. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." http://www.horsfall.org/spam.html (and check the home page whilst you're there)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ