|
|
|
 |
Vulnerability Note VU#230561gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequencesOverviewgnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences.I. Descriptiongnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a maliciously crafted file in gnome-terminal, a victim may unknowingly execute shell commands (provided by the attacker).This vulnerability was discovered by H D Moore of Digital Defense. H D has provided a paper on this topic (TERMINAL EMULATOR SECURITY ISSUES), and Red Hat has published RHSA-2003:053-10. Both of these documents provide more information about this vulnerability.
Referenceshttp://www.digitaldefense.net/labs/papers/Termulation.txt This vulnerability was discovered by H D Moore of Digital Defense. The CERT/CC thanks both H D Moore and Red Hat for providing information upon which this document is based. This document was written by Ian A Finlay.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||