Re: [bug-inetutils] telnet security advisory
From: Alfred M. Szmidt
Subject: Re: [bug-inetutils] telnet security advisory
Date: Mon, 03 Oct 2011 17:21:06 -0400

# cat evil-file | telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
telnet> !id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log)
Connection closed by foreign host.
I think it is very dangerous, despite the fact that few admins use
telnet for moving files like this; a detailed security advisory is
attached.
Good analysis, but I agree with Simon. This isn't a bug, it is no
different than:
cat evil-file | sh
when running as root. If you want to be safe, base64 encode your file
first before transfer; or use the -E flag.
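
Added example, not part of the original message or of inetutils: a pre-flight check that looks for the default escape character (^], byte 0x1d, as printed in the session above) in a file before it is piped into telnet, and confirms that the base64 form suggested in the reply no longer contains it. The function names and the sample file are constructed for illustration, and a `base64` utility is assumed to be installed.

```shell
#!/bin/sh
# Added example: check a file for the telnet escape byte before piping it.
# Assumption: the client uses the default escape character ^] (octal 035).
# A client configured with a different escape character needs a different check.

# Print how many times the default escape byte occurs in file $1.
count_escape_bytes() {
    LC_ALL=C tr -cd '\035' < "$1" | wc -c | tr -d ' '
}

# Exit status 0 only if file $1 contains no escape byte.
is_safe_to_pipe() {
    [ "$(count_escape_bytes "$1")" -eq 0 ]
}

# Write the base64 form of $1 to $2 and verify the result is escape-free.
# The base64 alphabet (A-Z a-z 0-9 + / =) cannot produce byte 0x1d.
encode_for_transfer() {
    base64 < "$1" > "$2"
    is_safe_to_pipe "$2"
}

# Exit status 0 if decoding $2 reproduces $1 byte for byte.
roundtrip_ok() {
    base64 -d < "$2" | cmp -s - "$1"
}

# Demo on a constructed sample: harmless text with one embedded 0x1d byte.
tmp=$(mktemp -d)
printf 'log line one\n\035log line two\n' > "$tmp/sample.bin"

if is_safe_to_pipe "$tmp/sample.bin"; then
    echo "raw file: no escape byte"
else
    echo "raw file: $(count_escape_bytes "$tmp/sample.bin") escape byte(s), do not pipe as-is"
fi

if encode_for_transfer "$tmp/sample.bin" "$tmp/sample.b64" \
        && roundtrip_ok "$tmp/sample.bin" "$tmp/sample.b64"; then
    echo "base64 form: escape-free and decodes to the original"
fi
rm -rf "$tmp"
```

The receiving side has to decode the data again; the other option named in the reply, the -E flag, avoids the encoding step by disabling escape handling in the client.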