Debian XTERM - 'DECRQSS/comments' Code Execution

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057230 漏洞类型
发布时间 2009-01-06 更新时间 2009-01-06
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7681
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Package: xterm
Version: 222-1etch2
Severity: grave
Tags: security patch
Justification: user security hole


DECRQSS Device Control Request Status String "DCS $ q" simply echoes
(responds with) invalid commands. For example,
perl -e 'print "\eP\$q\nbad-command\n\e\\"'
would run bad-command.

Exploitability is the same as for the "window title reporting" issue
in DSA-380: include the DCS string in an email message to the victim,
or arrange to have it in syslog to be viewed by root.

Original:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Test:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log

If whoami gets executed you should update. 

# milw0rm.com [2009-01-06]