|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA380] DSA-380-1 xfree86 Vulnerability Assessment Details
|
[DSA380] DSA-380-1 xfree86 |
||
DSA-380-1 xfree86 Detailed Explanation for this Vulnerability Assessment Four vulnerabilities have been discovered in XFree86. The xterm package provides a terminal escape sequence that reports the window title by injecting it into the input buffer of the terminal window, as if the user had typed it. A possible hacker can craft an escape sequence that sets the title of a victim's xterm window to an arbitrary string (such as a shell command) and then reports that title. If the victim is at a shell prompt when this is done, the injected command will appear on the command line, ready to be run. Since it is not possible to embed a carriage return in the window title, the attacker would have to convince the victim to press Enter (or rely upon the victim's careless or confusion) for the shell or other interactive process to interpret the window title as user input. It is conceivable that the attacker could craft other escape sequences that might convince the victim to accept the injected input, however. The Common Vulnerabilities and Exposures project at cve.mitre.org has assigned the name CVE-2003-0063 to this issue. To acertain whether your version of xterm is vulnerable to abuse of the window title reporting feature, run the following command at a shell prompt from within an xterm window: (The terminal bell may ring, and the window title may be prefixed with an "l".) This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the "cat" command). Whether you are likely to be exposed to it depends on how you use xterm. Consider the following: Debian has resolved this problem by disabling the window title reporting escape sequence in xterm it is understood but ignored. The escape sequence to set the window title has not been disabled. A future release of the xterm package will have a configuration option to permit the user to turn the window title reporting feature back on, but it will default off. The xterm package, since it emulates DEC VT-series text terminals, emulates a feature of DEC VT terminals known as "User-Defined Keys" (UDK for short). There is a bug in xterm's handling of DEC UDK escape sequences, however, and an ill-formed one can cause the xterm process to enter a tight loop. This causes the process to "spin", consuming CPU cycles uselessly, and refusing to handle signals (such as efforts to kill the process or close the window). To acertain whether your version of xterm is vulnerable to this attack, run the following command at a shell prompt from within a "sacrificial" xterm window (i.e., one that doesn't have anything in the scrollback buffer you might need to see later): This flaw is exploitable by anything that can send output to a terminal window, such as a text document. The xterm user has to take action to cause the escape sequence to be sent, however (such as by viewing a malicious text document with the "cat" command). Whether you [...] Solution : http://www.debian.org/security/2003/dsa-380 Network Security Threat Level: High Networks Security ID: 4396, 6940, 6950, 8514 Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
Cables, Connectors |
lot of 10 Juniper EX-SFP-10GE-SR Compatible 10GBASE-SR SFP+ 850nm 300m DOM -J499
$220.00
Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord
$43.95
JUNIPER EX3400-48P 48x 1GB PoE+ RJ-45 4x 10GB SFP+ 2x 40GB QSFP+, DUAL AC POWER
$210.00
Juniper EX3300-48P, 48 Port PoE+ Gigabit Network Switch w/ Power cord
$54.99
EX2300-24P Juniper 24-port 10/100/1000BASE-T PoE+ 4 x 1/10GbE SFP/SFP+ UNCLAIMED
$450.00
Juniper Networks EX3400-48P 48x Gigabit PoE+ RJ45 2x 40Gb/s QSFP+ Switch
$166.24
Juniper Networks EX2200-C-12P-2G 12 Port Gigabit PoE 2 T/SFP 1G Network Switch
$129.00
Juniper Networks EX3300 EX3300-48P 48-Port Gigabit PoE+ Switch
$41.28
Juniper Networks EX3300-24P 24-Port PoE+ 4x SFP+ Network Switch TESTED
$79.99
|
||
No Discussions have been posted on this vulnerability. |