Gentoo: eterm escape sequence vulnerability

    Date: 03 Mar 2003
    Category: Gentoo
    Posted By: LinuxSecurity Advisories
    Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen.
    
    ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-1
    ---------------------------------------------------------------------
    
              PACKAGE : eterm
              SUMMARY : dangerous interception of escape sequences
                 DATE : 2003-03-03 10:13 UTC
              EXPLOIT : remote
    VERSIONS AFFECTED : <0.9.2
        FIXED VERSION : >0.9.2
                  CVE : CAN-2003-0021 CAN-2003-0068
    
    ---------------------------------------------------------------------
    
    From advisory:
    
    "Many of the features supported by popular terminal emulator software
    can be abused when un-trusted data is displayed on the screen. The
    impact of this abuse can range from annoying screen garbage to a
    complete system compromise. All of the issues below are actually
    documented features, anyone who takes the time to read over the man
    pages or source code could use them to carry out an attack."
    
    Read the full advisory at: 
    http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
    
    SOLUTION
    
    It is recommended that all Gentoo Linux users who are running
    x11-terms/eterm upgrade to eterm-0.9.2-r3 as follows:
    
    emerge sync
    emerge -u eterm
    emerge clean
    
    ---------------------------------------------------------------------
    GnuPG key is available at http://cvs.gentoo.org/~aliz
    ---------------------------------------------------------------------
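
Independently of the upgrade, untrusted data (logs, mail headers, file names) can be made inert before it reaches any terminal. The filter below is an added example, not part of the Gentoo advisory or of eterm; the function names and the sample input are constructed for illustration. It rewrites every control character in visible form and reports which escape-sequence families the input contained.

```python
import re

# Sequence introducers a terminal acts on (7-bit ESC forms and C1 forms).
INTRODUCERS = [
    ("OSC", re.compile(r"(?:\x1b\]|\x9d)")),  # operating system command
    ("DCS", re.compile(r"(?:\x1bP|\x90)")),   # device control string
    ("CSI", re.compile(r"(?:\x1b\[|\x9b)")),  # control sequence introducer
]
# Every C0/C1 control character and DEL, except newline and tab.
# Carriage return is included because it can overwrite text already shown.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def classify(text):
    """Return the sorted names of the escape-sequence families found in text."""
    kinds = {name for name, pat in INTRODUCERS if pat.search(text)}
    # An ESC that does not start one of the families above is still reported.
    if re.search(r"\x1b(?![\]P\[])", text):
        kinds.add("ESC")
    return sorted(kinds)


def neutralize(raw):
    """Decode untrusted bytes; return (display-safe text, families found)."""
    # Invalid UTF-8 (including stray 8-bit C1 bytes) becomes U+FFFD.
    text = raw.decode("utf-8", errors="replace")
    safe = CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)
    return safe, classify(text)


# Constructed sample: three log lines, two carrying escape sequences.
SAMPLE = (
    b"GET /index.html 200\n"
    b"GET /\x1b]0;constructed title\x07 404\n"
    b"user=\x1b[2Jguest\tok\n"
)

if __name__ == "__main__":
    safe, kinds = neutralize(SAMPLE)
    print(safe, end="")
    print("families found:", ", ".join(kinds) or "none")
```

Alert on a non-empty family list for inputs that should be plain text; the rewritten output is what gets displayed.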
    
    
    