|
|
|
|
|
|
by wolfgang42
3133 days ago
|
|
|
> "escape sequences", which are not the same as running executables and isn't very dangerous. Unless your terminal has support for something like setting the answerback string, in which case the escape sequence could set it and then send an ENQ immediately before ending, causing the answerback to be typed into a shell prompt and executed. (Escape sequences aren't always as innocent as you might expect.) I don't know if any modern terminal emulators support this, but I believe it's been a vector in the past. Edit: The article mentions some alternative vectors, specifically the screen dumping escape sequence (potentially allowing overwriting arbitrary files) and window title reporting (which behaves similarly to the answerback exploit I mention above), and links to [1] which gives more details on such exploits. [1]: https://www.proteansec.com/linux/blast-past-executing-code-t... |
|
|