severity 400624 important
thanks

> Since urlsnarf is usually used on a terminal to have a look at
> requested URLs in real-time, a malicious attacker could use requests
> with escape sequences to execute arbitrary code.

By this reasoning, cat would have a grave bug for allowing users to send
untrusted files to the terminal without escaping. If a terminal can be
exploited to cause arbitrary code execution through control sequences in a
file being displayed, we should consider this a bug in the terminal. I don't
see any reason that dsniff should be picked on here just because the
untrusted data it's displaying comes directly from the network.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
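
The alternative the bug report argues for, escaping in the tool before network-supplied text reaches the terminal, can be sketched as below. This is an added example, not code from dsniff or from either participant in this thread; the function name `escape_for_tty` and the sample request line are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not dsniff code): copy `in` to `out`, rendering every
 * byte that is not printable ASCII, and the backslash itself, as \xHH.
 * That covers ESC (0x1b), the other C0 controls, DEL and all bytes >= 0x80,
 * which includes the 8-bit C1 controls such as CSI (0x9b); the cost is that
 * non-ASCII text is shown escaped. Output is always NUL-terminated and is
 * truncated on a whole-token boundary. Returns the length written. */
size_t escape_for_tty(const unsigned char *in, size_t inlen,
                      char *out, size_t outcap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outcap == 0)
        return 0;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = in[i];
        if (c >= 0x20 && c <= 0x7e && c != '\\') {
            if (o + 1 >= outcap)
                break;
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outcap)
                break;
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a request line carrying a 7-bit and an 8-bit
     * colour-change sequence, as a sniffer might capture it. */
    const unsigned char req[] = "GET /a\x1b[31mred\x9b" "0m HTTP/1.0\r\n";
    char line[4 * sizeof req];

    escape_for_tty(req, sizeof req - 1, line, sizeof line);
    puts(line);
    return 0;
}
```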