RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.
801b86d255328b3fedc995c0bcbbcc29d2ca3f7b6e8522ecf7a4d5babd746c01
Ubuntu Security Notice 1086-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. A local attacker could create malicious filters to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. A local attacker with access to a SCSI device could send specially crafted requests to crash the system, leading to a denial of service. Dan Rosenberg discovered that the RDS protocol did not correctly check ioctl arguments. A local attacker could exploit this to crash the system, leading to a denial of service.
8b47c6ebe7f6860e5fb3da4897e68af88a18eccd3e4d5e77146dc58143df0d3c
Terminal Server Client denial of service exploit that creates a malicious .rdp file.
d857699b16f5ec4c39e143b5884dbd9906f3c40528d651e0211042a4d470a457
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Terminal Server Client (tsclient), which can be exploited by malicious people to compromise a user's system.
ac12b089dc90737dcca51d9af9a18ef8db55ead8185fb24199205ea5184c4e81
Mandriva Linux Security Advisory 2010-161 - The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via an icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. The updated packages have been patched to correct this issue.
5c7a414367f3129cbf38fe91e8a83bb33c301685dd0732c30600871a9afdbbef
Ubuntu Security Notice 962-1 - Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
80c4d64b72f9a308db9f8e5b218bb0ad4dff2e8abe8e73d44a908a8521f7dfe1
60-byte Linux/x86 shellcode that sends "Phuck3d!" to all terminals.
222bcd93231be03d8446d74896dc2dff4386ef4ba1d7da74f7643266b106a418
Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.
70b75a6c7bfeabf4136e18e897f88132e74cb4a9c3e67e5d0923c49a358f6156
Debian Linux Security Advisory 1994-1 - It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
01f42fb15d52253fce43542edbfa8cbe981715dacca0392a6536379ca8948e33
Mandriva Linux Security Advisory 2010-017 - WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
5b4843eb8fd87e50c463fed2a1697b702750dfd1be042b47462472371bd6e626
Gentoo Linux Security Advisory 201001-9 - An input sanitation flaw in the WEBrick HTTP server included in Ruby might allow remote attackers to inject arbitrary control characters into terminal sessions. Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instance when handling HTTP logs. Versions less than 1.8.7_p249 are affected.
f50111006fffa62948fd5efaae52f0ed28bc7804c0455af5537768f817e9d1a8
This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.
9cec54ca3bf48377115aba5d8a681eeb8b070d26a3b7949518b42ec39e09b6cb
sudosh3 is an auditing shell and filter based on sudosh2. It aims to improve file management and terminal emulation. Passwords are not recorded.
8a1099da9a6115db2cf70112aa48600bd056c868e98ac27e80b07bfab4b7b362
This Metasploit module exploits a vulnerability in Safari's "Safe file" feature, which will automatically open any file with one of the allowed extensions. This can be abused by supplying a zip file, containing a shell script, with a metafile indicating that the file should be opened by Terminal.app. This module depends on the 'zip' command-line utility.
8c4311240e8171f3f9f4e554f0f29aa8dd421640cd7dc1296331a5d14e3d441f
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Terminal. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of 'CSI[4' xterm window resizing escape code. When a very low negative value for (x, y) size is set, an integer overflow occurs resulting in a memory corruption. This can be further leveraged to execute arbitrary code under the context of the logged in user.
20ae37d091c7aa40b2e3352124f58f68bb08d2f96fd590e14194979db31572c4
Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
3e2b711ede10390232555c7428e3ef4ba8fa5b9efd1daa4be578455a531e921a
The sniffy project can trace/log the data of any pseudo terminal in the system. Due to the way the terminal works, such a terminal trace provides complete information of what happened on the terminal screen, and sniffy is able to display/replay this information. It consists of a kernel module able to connect/hook on the pseudo terminal, a program to display the contents of any pseudo terminal on the fly, a daemon process tracing the pseudo terminal content into the file, and a replay program to replay any stored pseudo terminal session.
690392cbd14e5cf80472524f7dd7b417a2655b94209dbf746d054c0351cb5892
Mandriva Linux Security Advisory - A vulnerability in Eterm allowed it to open a terminal on :0 if the environment variable was not set or the -display option was not specified, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.
6135ff2144b6f19a3b7088ce33de499f9ede3466b9efd1cc8e21e78e79cb33a9
Mandriva Linux Security Advisory - A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.
f5133a98ebeb14790bd38e8f48d1d2aaf8129160a01443ae2933695af3a86e6a
Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.
ca0426c0a769cfea0d004df111f7bc27965eadeb0ea4026d54fcf6f94868702f
Mandriva Linux Security Advisory - A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.
e60f27b0775d9c012b721d0ab173af4f74bc20df9f23fe93dd15ac0af121939f
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also to change the current username, domain name, and NTLM hashes at runtime (YES, PASS-THE-HASH on Windows!).
e7bde2f898cac6acd7178cbc1b56f32a0e4c5273632a401bcd79b11e77d91c0c
Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
8e597b0eb583a93f5b20705800370493675a314ae667c8c72e4033be649d542c
Debian Security Advisory 1561-1 - Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.
7c1b5251834a193362f5581177021f87b6d1a3085067f563d362dd16b8fb66c2
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also to change the current username, domain name, and NTLM hashes at runtime (YES, PASS-THE-HASH on Windows!).
13ef7b8410107d58975fc08d8936ecc0c604229ac2938a11198712cf2d2625ab
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also to change the current username, domain name, and NTLM hashes at runtime (YES, PASS-THE-HASH on Windows!). Both source and binary tarballs are included.
ca44f24d0aee8b477db09c45fa6771b0c852c2cebf644dd4a756951e9808fddc