gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences.
gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a maliciously crafted file in gnome-terminal, a victim may unknowingly execute shell commands (provided by the attacker).
This vulnerability was discovered by H D Moore of Digital Defense. H D has provided a paper on this topic (TERMINAL EMULATOR SECURITY ISSUES), and Red Hat has published RHSA-2003:053-10. Both of these documents provide more information about this vulnerability.
A remote attacker may be able to execute arbitrary commands on a vulnerable host.
Apply a patch.
Red Hat Inc.
This vulnerability was discovered by H D Moore of Digital Defense . The CERT/CC thanks both H D Moore and Red Hat for providing information upon which this document is based.
|Date First Published:||2003-02-27|
|Date Last Updated:||2003-02-27 17:57 UTC|