COMMAND

    in.talkd(8)

SYSTEMS AFFECTED

    Systems using an unpatched in.talkd.

PROBLEM

    in.talkd does not filter out escape characters passed to it as the
    address of the calling party and prints them on the screen. This
    can be used to garble a user's screen, or, on a terminal that
    supports echo-back escape sequences, to run commands as the user
    at the terminal.
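
    The filtering a fix has to perform, as an added C example that is
    not code from this advisory or from the BSD talkd source (the field
    size, function names and the announcement format below are
    simplified assumptions, not talkd's own): every caller-supplied byte
    that is not printable ASCII is either rejected or replaced before the
    text is written to the user's terminal, so it cannot be interpreted
    as an escape sequence.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical field size; the real CTL_MSG has its own NAME_SIZE/TTY_SIZE. */
#define FIELD_MAX 64

/* Return 1 if any byte of the NUL-terminated field is not printable ASCII.
 * This covers ESC (27) as well as every other control code, DEL and any
 * 8-bit byte, which is broader than a single strchr(s, 27) check. */
int field_has_control(const char *s)
{
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (c >= 0x80 || !isprint(c))
            return 1;
    }
    return 0;
}

/* Copy src into dst (at most dst_len-1 bytes plus NUL), replacing every
 * non-printable byte with '?'.  Returns the number of bytes replaced. */
size_t sanitize_field(char *dst, size_t dst_len, const char *src)
{
    size_t replaced = 0, i = 0;

    if (dst_len == 0)
        return 0;
    for (; src[i] != '\0' && i < dst_len - 1; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c >= 0x80 || !isprint(c)) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    return replaced;
}

/* Build the announcement line from sanitized copies of the caller's name
 * and host, so attacker-controlled bytes never reach the tty raw.
 * (Simplified format, constructed for this example.) */
int format_announce(char *out, size_t out_len, const char *name, const char *host)
{
    char safe_name[FIELD_MAX], safe_host[FIELD_MAX];

    sanitize_field(safe_name, sizeof safe_name, name);
    sanitize_field(safe_host, sizeof safe_host, host);
    return snprintf(out, out_len,
                    "talk: connection requested by %s@%s.\n",
                    safe_name, safe_host);
}

int main(void)
{
    /* Constructed sample: a login name carrying an ESC sequence. */
    const char *evil_name = "bob\x1b[2J";
    char line[256];

    printf("reject? %d\n", field_has_control(evil_name));
    format_announce(line, sizeof line, evil_name, "example.invalid");
    fputs(line, stdout);
    return 0;
}
```

    A daemon can use field_has_control() to refuse the request outright,
    as the patch below does for ESC, or sanitize_field() to announce a
    defanged copy; either way the terminal only ever sees printable
    characters.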

SOLUTION

    Set msgs to no, patch in.talkd to filter out escape characters
    from the foreign address, or turn off in.talkd. Here is the diff
    for process.c from the BSD source code:

	90a92,96
	>       if (strchr(mp->l_name,27)) {
	>          syslog(LOG_NOTICE,"flash received. Aborting);
	>          rp->answer = FAILED;
	>          return;
	>       }
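
    Review bot: the syslog() call in this hunk is missing the closing
    double quote of its format string (`"flash received. Aborting);`),
    so the patched process.c will not compile as written; it should read
    `syslog(LOG_NOTICE, "flash received. Aborting");`. The check itself
    is also narrower than the SOLUTION text asks for: `strchr(mp->l_name,
    27)` rejects only the ESC byte and only in `mp->l_name`, so other
    control characters (BEL, carriage return, 8-bit bytes) still pass,
    and any other caller-supplied field that is echoed to the user needs
    the same treatment. Consider rejecting any non-printable byte in
    every field that reaches the terminal, e.g. by looping over the field
    with `isprint()`.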