For mgetty users with non-trusted shell logins

l41484@alfa.ist.utl.pt (l41484@alfa.ist.utl.pt)
Wed, 27 Jan 1999 17:53:14 +0100


On Wed, 27 Jan 1999, Gert Doering wrote:

> On Tue, Jan 26, 1999 at 11:32:48PM +0100, l41484@alfa.ist.utl.pt wrote:
> > Well if we fiddle with the S2 register (by disabling the escape
> > characters) wouldn't we avoid people entering into command mode and
> > thus controlling the matter?
> 
> No. Just hang up on the caller side.  Voila, the modem is in command mode.

I think I've already managed to understand how it's done.

> > Although I think, this would stop the called machine, from terminating
> > the call. (with +++ATH) This could be prevented, by not disabling the
> > escape character, but by changing it, into something else. Or perhaps
> > another possibility, would be fiddling with &D", S25 register and a DTR
> > transition to hangup? 
> 
> Believe Marc, his exploit works, even if the modem is set up correctly,
> and all device permissions are set up just perfectly.

I've never disbelieved Marc. I was just suggesting some defenses to what
I thought the vulnerability was. It's just, I was misunderstanding the
problem, and suggesting a defense which you had suggested a long time ago and
that I've never read. :-) It seems, what I was suggesting is valid, not
for this situation. It seems I was discovering on my own, what had been
revealed a long time ago. (a few years behind, the story of my life :-))

--
Tiago Pascoal  (l41484@alfa.ist.utl.pt)               FAX : +351-1-7273394
Politically incorrect, and a (not very) prominent member of the "geracao rasca".