Multiple Unix talkd/walld Escape Sequence Screen Disruption DoS

1985-01-01T00:00:00
ID OSVDB:17043
Type osvdb
Reporter OSVDB
Modified 1985-01-01T00:00:00

Description

Vulnerability Description

Many Unix versions contain a flaw that may allow a remote attacker to interfere with a user's session. The issue is due to in.talkd and/or walld not sanitizing user-supplied input before it is written to the recipient's terminal. By sending a crafted set of escape characters, it is possible to disrupt a user's session in a way that prevents their screen from displaying characters properly. This forces the user to reset the session (which frequently did not work) or to exit the session and log in again.

Solution Description

Upgrade to one of the more recent versions of your flavor of Unix. Most (if not all) Unix vendors patched their various implementations many years ago.
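
The kind of output filtering the description says was missing, as an added example (not code from the advisory or from any vendor patch): message bytes are rewritten into visible ^X and M-x notation before they reach the recipient's terminal, so escape sequences are displayed instead of interpreted. The function name sanitize_for_tty and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from any vendor patch: copy a message into
 * out, rewriting every byte a terminal could act on as a control code.
 * Returns the output length, or -1 if out is too small. */
long sanitize_for_tty(const unsigned char *in, size_t inlen,
                      char *out, size_t outcap)
{
    size_t o = 0;

    if (outcap == 0)
        return -1;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        int high = c >= 0x80;   /* 8-bit range holds C1 controls (0x9b = CSI) */
        char tmp[4];
        size_t n = 0;

        if (high) {             /* show as M-x and continue with the low 7 bits */
            tmp[n++] = 'M';
            tmp[n++] = '-';
            c &= 0x7f;
        }
        if ((!high && (c == '\n' || c == '\t')) || (c >= 0x20 && c < 0x7f)) {
            tmp[n++] = (char)c;             /* plain text passes through */
        } else {                            /* C0 control or DEL: ^X notation */
            tmp[n++] = '^';
            tmp[n++] = (char)(c ^ 0x40);
        }
        if (o + n >= outcap)                /* keep one byte for the NUL */
            return -1;
        memcpy(out + o, tmp, n);
        o += n;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed sample: text mixed with ESC, 8-bit CSI and DEL bytes. */
    const unsigned char msg[] = "hi\x1b[1m\x9b" "5m\x7f\n";
    char buf[64];

    if (sanitize_for_tty(msg, sizeof msg - 1, buf, sizeof buf) >= 0)
        fputs(buf, stdout);
    return 0;
}
```

Newline and tab are the only control characters passed through unchanged; a daemon that relays messages would apply the filter to every sender-controlled field, including the sender name.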

References:

Related OSVDB ID: 17043
Related OSVDB ID: 11513
Other Advisory URL: http://www.securitybugware.org/mUNIXes/4651.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_3/0016.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_3/0026.html
Keyword: flash
Keyword: flash.c
ISS X-Force ID: 615
CVE-1999-0251