CVE-2008-2383

Related Files

Gentoo Linux Security Advisory 200902-4

Posted Feb 12, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200902-04 - An error in the processing of special sequences in xterm may lead to arbitrary commands execution. Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String (DECRQSS) sequences. Versions less than 239 are affected.

tags | advisory, arbitrary

systems | linux, gentoo

advisories | CVE-2008-2383

SHA-256 | 0131e76876c7cebbb97deee77a4673733c286d37eb16cfe9f06ef660692c0383

Download | Favorite | View

Mandriva Linux Security Advisory 2009-005

Posted Jan 12, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-005 - A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm. The updated packages have been patched to prevent this.

tags | advisory, arbitrary, shell

systems | linux, mandriva

advisories | CVE-2008-2383

SHA-256 | 2493748ea4d2a9b36180e68cee133d311ce65680b96da22fdf380057be4be1d0

Download | Favorite | View

Debian Linux Security Advisory 1694-2

Posted Jan 7, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences.

tags | advisory

systems | linux, debian

advisories | CVE-2008-2383

SHA-256 | bd28e9c06f2e2a1a0f5ffca0f09dbbcde34b410e66ca333d4ea91a8dccfbae12

Download | Favorite | View

Ubuntu Security Notice 703-1

Posted Jan 6, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2006-7236, CVE-2008-2383

SHA-256 | e7e6a06f9fe2effdb62bbdfe84ed4ba618aa063ddb21bba5c246c5989dcf40c7

Download | Favorite | View

Debian Linux Security Advisory 1694-1

Posted Jan 3, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2008-2383

SHA-256 | 3e2b711ede10390232555c7428e3ef4ba8fa5b9efd1daa4be578455a531e921a

Download | Favorite | View