as i said, a quick fix to close the logging exploit.
The information loss (changing ESC to the bell character 7)
is very little;
under normal operation, you should never have a bell
character in the
log file, and now, if you see one, it should ring a bell
the incoming url might be url-en
tl;dr: Yes, this is remotely exploitable.
Longer explanation:
It is if and only if you use a terminal emulator that implements various
exploitable escape sequences *and* cat/tail files that an attacker can
write to, even indirectly, such as webserver access logs.
For various attack vectors, rea
The exploit works like this:
1) Attacker sends HTTP request with ANSI escape sequence embedded in URL
2) Escape sequence is logged to access log.
3) Administrator on web server views log via cat, tail, etc.'
4) Escape sequences are interpreted by terminal emulator.
In the case of extremely braind
Did I read this correctly: this is a remotely exploitable?
Jade
Jade Rubick | Director of Development | TRUiST
2201 Wisconsin Ave NW, Suite 250 | Washington, DC 20007 | www.truist.com | +1
202 903 2564
P Please consider the environment before printing
The information contained in this email/doc
As a short-term solution, this is probably adequate, but there's
information loss -- it'd be nice to indicate the original byte sequence
somehow in the log entry by escaping characters so that log analysis
tools could detect such attacks, etc.
Perhaps the right answer is to log the URI with prope
Hi brian,
i have just now committed a quick fix for the problem into
the aolserver/nslog/nslog.c
into the sourceforge module. please check, if this is in all
cases sufficient.
-gustaf neumann
On 09.09.10 13:32, Fenton, Brian wrote:
Hi all
just came across this when looking for something e
Hi all
just came across this when looking for something else. I don't remember seeing
any discussion on the list at the time.
http://www.securityfocus.com/bid/37712
regards
Brian Fenton
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
with
