[Xquartz-dev] Xterm vulnerability
robert delius royar
x11 at frinabulax.org
Fri Jan 2 11:33:16 PST 2009
Fri, 2 Jan 2009 (19:04 -0000 UTC) Peter Collinson wrote:
> Is this being dealt with, or are we all OK anyway?
% man xterm
[...]
ENVIRONMENT
       Xterm sets several environment variables
       [...]
       XTERM_VERSION
               is set to the string displayed by the -version option.
               That is normally an identifier for the X Window
               libraries used to build xterm, followed by xterm's patch
               number in parenthesis. The patch number is also
               part of the response to a Secondary Device Attributes (DA)
               control sequence (see Xterm Control Sequences).
[...]
% echo $XTERM_VERSION
XTerm(237)
Try it on your machine to see.
> -------------------------------------------------------------------------------------------------
> (2) HIGH: xterm Escape Sequence Vulnerability
> Affected:
> X.org xterm versions prior to patch #237
>
> Description: xterm is the terminal emulator of the X Window System,
> the standard network-enabled windowing system for Unix and Unix-like
> platforms. It contains a flaw in its handling of certain escape
> sequences (sequences of characters that, when read by the terminal,
> cause it to take action). A specially crafted "DECRQSS Device Control
> Request Status" escape sequence could trigger this vulnerability,
> allowing an attacker to execute arbitrary commands with the privileges
> of the current user. An attacker could exploit this vulnerability by
> tricking a user into displaying a malicious text file in an xterm
> window, or sending such characters in a network terminal session
> (for example, during an SSH or telnet session). Note that this affects
> the reference implementation of xterm from X.org, and presumably also
> affects versions of xterm that share that codebase (such as XFree86).
>
> Status: Vendor confirmed, updates available.
>
> References:
> Wikipedia Article on the X Window System
> http://en.wikipedia.org/wiki/X_Window_System
> Wikipedia Article on Escape Sequences
> http://en.wikipedia.org/wiki/Escape_sequence
> X.org Home Page
> http://www.x.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/33060
>
> ---------------------------------------------------------------------------------------------------
> _______________________________________________
> Xquartz-dev mailing list
> Xquartz-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo.cgi/xquartz-dev
>
--
Dr. Robert Delius Royar Associate Professor of English
Morehead State University Morehead, Kentucky
Making meaning one message at a time.
Never argue with a man who buys ink by the barrel.
-H. L. Mencken
14:30 up 1 day, 7:04, 1 user, load averages: 0.43 0.34 0.23
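A scripted form of the check the message demonstrates, added here as an example and not code from the thread: it pulls the "(NNN)" patch number out of $XTERM_VERSION (or, failing that, `xterm -version`) and compares it with the #237 threshold given in the quoted advisory. It assumes the version string carries the parenthesised patch number the man page describes, such as "XTerm(237)".

```sh
#!/bin/sh
# Added example, not code from the thread: decide whether an xterm predates
# patch #237, the first release with the DECRQSS fix named in the advisory.
# Assumes the version string has the "(NNN)" patch-number suffix described
# in the xterm man page, e.g. "XTerm(237)".

FIXED_PATCH=237

# Print the patch number from a version string such as "XTerm(237)";
# print nothing if the string has no "(NNN)" suffix.
xterm_patch_number() {
    printf '%s\n' "$1" | sed -n 's/.*(\([0-9][0-9]*\)).*/\1/p'
}

# Exit 0 if the version is at or above FIXED_PATCH, 1 if it is older,
# 2 if the string cannot be parsed.
xterm_is_fixed() {
    n=$(xterm_patch_number "$1")
    [ -n "$n" ] || return 2
    [ "$n" -ge "$FIXED_PATCH" ]
}

# Report on the terminal we are running in (XTERM_VERSION, as in the
# thread), falling back to the xterm binary found on $PATH.
check_current_xterm() {
    ver=${XTERM_VERSION:-}
    if [ -z "$ver" ] && command -v xterm >/dev/null 2>&1; then
        ver=$(xterm -version 2>/dev/null)
    fi
    if [ -z "$ver" ]; then
        echo "no xterm version information available"
        return 2
    fi
    xterm_is_fixed "$ver"
    case $? in
        0) echo "$ver: patch #$(xterm_patch_number "$ver") includes the DECRQSS fix" ;;
        1) echo "$ver: older than patch #$FIXED_PATCH, update xterm" ;;
        *) echo "$ver: unrecognised version format, check manually" ;;
    esac
}

check_current_xterm
```

Run it inside the terminal in question, since XTERM_VERSION is set by the xterm that started the shell, not by the one installed on disk.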