Saturday, January 10, 2009

[UNIX] Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com


SUMMARY

CRLF injection vulnerability in xterm allows user-assisted attackers to
execute arbitrary commands via LF (aka \n) characters surrounding a
command name within a Device Control Request Status String (DECRQSS)
escape sequence in a text file.

DETAILS

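DECRQSS (Device Control Request Status String, "DCS $ q") simply echoes
(responds with) invalid commands. The response is delivered as terminal
input, so the shell reads it as if it had been typed, and the LF
characters submit the command name as a line. For example, perl -e 'print
"\eP\$q\nbad-command\n\e\\"' would run bad-command.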

Exploitability is the same as for the "window title reporting" issue in
DSA-380: include the DCS string in an email message to the victim, or
arrange to have it in syslog to be viewed by root.
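
For checking mail or log files before they are displayed in a terminal, the following added example (not part of the original advisory) scans raw bytes for DECRQSS requests and flags any that contain a line break. It assumes the 7-bit form of the sequence (ESC P ... ESC \); the function names and the sample data are constructed for illustration.

```python
import re

# 7-bit DCS string: ESC P <payload> ESC \  (the payload may span lines).
DCS_RE = re.compile(rb"\x1bP(.*?)\x1b\\", re.DOTALL)


def find_decrqss(data: bytes) -> list:
    """Locate DECRQSS requests (DCS $ q <request> ST) in raw file bytes."""
    findings = []
    for m in DCS_RE.finditer(data):
        payload = m.group(1)
        if not payload.startswith(b"$q"):
            continue  # a different DCS string, not a status-string request
        request = payload[2:]
        findings.append({
            "offset": m.start(),
            "request": request,
            # A line break inside the request is what lets an echoed
            # reply be submitted to the shell as a command line.
            "has_newline": b"\n" in request or b"\r" in request,
        })
    return findings


def neutralize(data: bytes) -> bytes:
    """Show ESC as ^[ (as cat -v does) so no sequence reaches the terminal."""
    return data.replace(b"\x1b", b"^[")


# Constructed sample: syslog-style lines, one carrying the advisory's
# bad-command sequence and one carrying a well-formed request ("m").
SAMPLE = (
    b"Jan 10 12:00:01 host app: start\n"
    b"Jan 10 12:00:02 host app: user=\x1bP$q\nbad-command\n\x1b\\\n"
    b"Jan 10 12:00:03 host app: \x1bP$qm\x1b\\ done\n"
)

if __name__ == "__main__":
    for f in find_decrqss(SAMPLE):
        verdict = "SUSPICIOUS" if f["has_newline"] else "request"
        print(f"{verdict} at byte {f['offset']}: {f['request']!r}")
    print(neutralize(SAMPLE).decode("ascii"))
```

Run against the neutralized output, the scanner finds nothing, which is the property that makes the file safe to view.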

CVE Information:
CVE-2008-2383
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383>

Exploit:
perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log

If whoami gets executed you should update.


ADDITIONAL INFORMATION

The information has been provided by Paul Szabo
<mailto:psz@maths.usyd.edu.au>.
The original article can be found at:
http://www.milw0rm.com/exploits/7681
