[Xquartz-dev] Xterm vulnerability

robert delius royar x11 at frinabulax.org
Fri Jan 2 11:33:16 PST 2009


Fri, 2 Jan 2009 (19:04 -0000 UTC) Peter Collinson wrote:

> Is this being dealt with, or are we all OK anyway?

% man xterm
[...]
ENVIRONMENT
       Xterm sets several environment variables
[...]
       XTERM_VERSION
            is  set  to  the string displayed by the -version option.
            That is normally an identifier for the X Window
            libraries used to build xterm, followed by xterm's patch
            number in parenthesis.  The patch number is  also
            part of the response to a Secondary Device Attributes (DA)
            control sequence (see Xterm Control Sequences).
[...]
% echo $XTERM_VERSION
XTerm(237)

Try it on your machine to see.


> -------------------------------------------------------------------------------------------------
> (2) HIGH: xterm Escape Sequence Vulnerability
> Affected:
> X.org xterm versions prior to patch #237
>
> Description: xterm is the terminal emulator of the X Window System,
> the standard network-enabled windowing system for Unix and Unix-like
> platforms. It contains a flaw in its handling of certain escape
> sequences (sequences of characters that, when read by the terminal,
> cause it to take action). A specially crafted "DECRQSS Device Control
> Request Status" escape sequence could trigger this vulnerability,
> allowing an attacker to execute arbitrary commands with the privileges
> of the current user. An attacker could exploit this vulnerability by
> tricking a user into displaying a malicious text file in an xterm
> window, or sending such characters in a network terminal session
> (for example, during an SSH or telnet session). Note that this affects
> the reference implementation of xterm from X.org, and presumably also
> affects versions of xterm that share that codebase (such as XFree86).
>
> Status: Vendor confirmed, updates available.
>
> References:
> Wikipedia Article on the X Window System
> http://en.wikipedia.org/wiki/X_Window_System
> Wikipedia Article on Escape Sequences
> http://en.wikipedia.org/wiki/Escape_sequence
> X.org Home Page
> http://www.x.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/33060
>
> ---------------------------------------------------------------------------------------------------
> _______________________________________________
> Xquartz-dev mailing list
> Xquartz-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/xquartz-dev
>



-- 
Dr. Robert Delius Royar                   Associate Professor of English
Morehead State University                             Morehead, Kentucky
                                   Making meaning one message at a time.
  Never argue with a man who buys ink by the barrel.
                                      -H. L. Mencken
  14:30 up 1 day, 7:04, 1 user, load averages: 0.43 0.34 0.23
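An added example, not part of the original post or of xterm itself: a small POSIX sh script that applies the check Royar describes in two ways. It parses the patch number out of the `XTERM_VERSION` string (the same string `xterm -version` prints), and it parses the `Pv` field out of a Secondary Device Attributes reply, which xterm sends as `ESC [ > Pp ; Pv ; Pc c` with `Pv` being the patch number. Both are compared against patch #237, the first patch the quoted advisory lists as not affected. The function and variable names, the reply string used as sample input, and the 0.5-second read timeout are the example's own assumptions; the live query only works when run on a real tty.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether an xterm is at or
# past patch #237, the first patch the quoted advisory lists as fixed for the
# DECRQSS issue. Two sources of the patch number are handled:
#   1. the XTERM_VERSION environment variable, e.g. "XTerm(237)"
#   2. a Secondary DA reply, "ESC [ > Pp ; Pv ; Pc c", where Pv is the patch number
FIXED_PATCH=237            # assumption: taken from the advisory quoted above
ESC=$(printf '\033')

# Print the patch number found in a version string such as "XTerm(237)".
# Returns 1 (and prints nothing) if the string does not have that shape.
xterm_patch_from_version() {
    case "$1" in
        *'('*')'*) ;;
        *) return 1 ;;
    esac
    p=${1##*\(}            # drop everything up to and including the last "("
    p=${p%%\)*}            # drop the first ")" and everything after it
    case "$p" in
        ''|*[!0-9]*) return 1 ;;   # not a plain decimal number
    esac
    printf '%s\n' "$p"
}

# Print the Pv field of a Secondary DA reply "ESC [ > Pp ; Pv ; Pc c".
# Returns 1 (and prints nothing) if the reply is not in that form.
xterm_patch_from_da() {
    reply=$1
    case "$reply" in
        "$ESC"'[>'*';'*';'*c) ;;
        *) return 1 ;;
    esac
    body=${reply#*'[>'}    # "0;237;0c"
    body=${body%c}         # "0;237;0"
    pv=${body#*;}          # "237;0"
    pv=${pv%%;*}           # "237"
    case "$pv" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pv"
}

# Exit status: 0 if the patch number is >= FIXED_PATCH, 1 if it is older,
# 2 if the argument is not a number at all (unknown build, treat as suspect).
xterm_is_fixed() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$1" -ge "$FIXED_PATCH" ]
}

# Send a Secondary DA request to the terminal on stdin and print the raw reply.
# Needs a real tty; the reply has no trailing newline, so it is read with dd
# under a short read timeout (stty time is in tenths of a second).
query_secondary_da() {
    [ -t 0 ] || return 1
    saved=$(stty -g)
    stty raw -echo min 0 time 5
    printf '\033[>c'
    reply=$(dd bs=64 count=1 2>/dev/null)
    stty "$saved"
    printf '%s\n' "$reply"
}

# Stand-alone use: check the environment first, then ask the terminal itself.
if [ -n "$XTERM_VERSION" ]; then
    n=$(xterm_patch_from_version "$XTERM_VERSION") || n=''
    if xterm_is_fixed "$n"; then
        echo "XTERM_VERSION=$XTERM_VERSION: patch $n, at or past #$FIXED_PATCH"
    else
        echo "XTERM_VERSION=$XTERM_VERSION: patch '${n:-?}', older than #$FIXED_PATCH or unknown"
    fi
fi
if [ -t 0 ] && [ -n "${QUERY_TERMINAL:-}" ]; then
    da=$(query_secondary_da)
    n=$(xterm_patch_from_da "$da") || n=''
    xterm_is_fixed "$n" && echo "Secondary DA reports patch $n" \
        || echo "Secondary DA reply did not show a patch >= #$FIXED_PATCH"
fi
```

Run it inside the xterm in question (set `QUERY_TERMINAL=1` to also send the DA request). Checking the DA reply as well as the environment variable matters in practice because `XTERM_VERSION` is inherited by child processes, so a shell started over ssh from an old xterm, or a `screen` session, can carry a stale or absent value while the terminal actually drawing the text is the one that must be patched.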

