Executive Summary

Summary
Title: Sun Alert 254208: A Security Vulnerability in the xterm(1) program Delivered With OpenSolaris Involving the Parsing of Device Control Request Status String (DECRQSS) Sequences May Lead to Execution of Arbitrary Code
Information
Name: SUN-254208
Vendor: Sun
Severity (Vendor): N/A
First vendor publication: 2009-03-05
Last vendor modification: 2009-03-05
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A (no CVSS v3 vector or scores have been published for this entry)

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS base score: 9.3
CVSS impact score: 10
CVSS exploitability score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Product: OpenSolaris

A security vulnerability in the xterm(1) program delivered with OpenSolaris, related to the interpretation of certain Device Control Request Status String (DECRQSS) sequences, may allow unprivileged local or remote users to execute arbitrary code with the privileges of the user running xterm(1). Exploitation is user-assisted: the attacker has to get crafted text displayed inside the victim's xterm(1) window, for example a file or an unfiltered log entry as the advisories below describe, and a vulnerable xterm(1) then places attacker-chosen characters into the terminal's input buffer, where the shell reads them as a command. The CVSS v2 vector above rates the attack range as Network for that reason; no authentication is required, but the victim's own action to view the content is.

This issue is described in the following document:


State: Resolved
First released: 05-Mar-2009

Original Source

URL: http://blogs.sun.com/security/entry/sun_alert_254208_a_security

CWE : Common Weakness Enumeration

CWE-94 (100 %): Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13513
Title: USN-703-1 -- xterm vulnerability
Description: Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges
Family: unix Class: patch
Reference(s): USN-703-1
CVE-2006-7236
CVE-2008-2382
CVE-2008-2383
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): xterm

Oval ID: oval:org.mitre.oval:def:13620
Title: DSA-1694-2 xterm -- design flaw
Description: The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences. For the stable distribution, this problem has been fixed in version 222-1etch4. For the testing distribution, this problem has been fixed in version 235-2. For the unstable distribution, this problem has been fixed in version 238-2. We recommend that you upgrade your xterm package.
Family: unix Class: patch
Reference(s): DSA-1694-2
CVE-2008-2383
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): xterm
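
DSA-1694-2 above describes the allowFontOps resource Debian added so that font changes driven by escape sequences can be switched off while font shifting from the keyboard keeps working. The fragment below is an added example for this page, not text from the Debian advisory or from the xterm sources; it shows the permissive setting beside the hardened one in ~/.Xresources form. allowWindowOps and allowTitleOps are real xterm resources covering the window and title operations USN-703-1 mentions, but the page does not name them, and it is an assumption here that the installed xterm is recent enough to recognise them.

```text
! Permissive: escape sequences arriving in the terminal stream may change the
! font, the window title and other window properties. This is the behaviour
! DSA-1694-1 disabled as a precaution.
XTerm*allowFontOps:   true
XTerm*allowWindowOps: true
XTerm*allowTitleOps:  true

! Hardened: keep only these lines. Escape-sequence font changes, window
! operations and title changes are refused; keyboard font shifting is
! unaffected. allowWindowOps and allowTitleOps are assumed to exist in the
! installed xterm (they are not named on this page).
XTerm*allowFontOps:   false
XTerm*allowWindowOps: false
XTerm*allowTitleOps:  false
```

Load the file with `xrdb -merge ~/.Xresources` and start a new xterm; `xrdb -query | grep -i allow` shows which values are in effect. If both blocks are left in the file the later entry wins, so delete the permissive block rather than commenting on it.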

Oval ID: oval:org.mitre.oval:def:13638
Title: DSA-1694-1 xterm -- design flaw
Description: Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences. As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences. For the stable distribution, this problem has been fixed in version 222-1etch3. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your xterm package.
Family: unix Class: patch
Reference(s): DSA-1694-1
CVE-2008-2383
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): xterm

Oval ID: oval:org.mitre.oval:def:22551
Title: ELSA-2009:0018: xterm security update (Important)
Description: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Family: unix Class: patch
Reference(s): ELSA-2009:0018-01
CVE-2008-2383
Version: 6
Platform(s): Oracle Linux 5
Product(s): xterm

Oval ID: oval:org.mitre.oval:def:29143
Title: RHSA-2009:0018 -- xterm security update (Important)
Description: An updated xterm package to correct a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window. (CVE-2008-2383)
Family: unix Class: patch
Reference(s): RHSA-2009:0018
CESA-2009:0018-CentOS 3
CESA-2009:0018-CentOS 5
CVE-2008-2383
Version: 3
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 3
CentOS Linux 5
Product(s): xterm

Oval ID: oval:org.mitre.oval:def:7900
Title: DSA-1694 xterm -- design flaw
Description: Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences.
Family: unix Class: patch
Reference(s): DSA-1694
CVE-2008-2383
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xterm

Oval ID: oval:org.mitre.oval:def:9317
Title: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Description: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2383
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
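
The flaw described in the Detail section and in the OVAL entries above comes down to one control sequence: a DECRQSS request has the form DCS $ q Pt ST (per xterm's ctlseqs documentation), and a vulnerable xterm answered it by writing bytes derived from Pt into the tty input buffer, so LF characters wrapped around a command name in Pt became a complete line for the shell to execute. The following Python is an added example written for this page, not code from xterm, Sun, Red Hat, Debian or Ubuntu. It finds DECRQSS requests that carry control characters in text about to be displayed (a file or an unfiltered log entry, the delivery paths the advisories name) and strips every string-type control sequence before display. The DCS, OSC, APC, PM, SOS and ST encodings are the standard 7-bit and 8-bit forms; the sample inputs are constructed, not captured from a real attack, and the function and constant names are this example's own.

```python
import re

# Introducers of the "string" control functions in 7-bit (ESC x) and 8-bit (C1)
# form. Each one puts the terminal into a mode that collects a payload up to a
# String Terminator, which is where a DECRQSS request (DCS $ q Pt ST) lives.
_INTRODUCERS = {
    "\x1bP": "DCS", "\x90": "DCS",  # Device Control String
    "\x1b]": "OSC", "\x9d": "OSC",  # Operating System Command (titles, colours)
    "\x1b_": "APC", "\x9f": "APC",  # Application Program Command
    "\x1b^": "PM",  "\x9e": "PM",   # Privacy Message
    "\x1bX": "SOS", "\x98": "SOS",  # Start Of String
}
_INTRO_RE = re.compile("|".join(re.escape(k) for k in _INTRODUCERS))
# The payload ends at ST (ESC \ or C1 0x9C); BEL is accepted as well because
# xterm treats it as a terminator for OSC. DOTALL lets the payload span
# newlines, which is exactly the case that matters for CVE-2008-2383.
_STRING_CTRL = re.compile(
    "(?P<intro>" + _INTRO_RE.pattern + r")(?P<payload>.*?)(?P<term>\x1b\\|\x9c|\x07)",
    re.DOTALL,
)
_C0_OR_DEL = re.compile(r"[\x00-\x1f\x7f]")


def find_string_controls(text):
    """List (kind, payload, has_control_chars) for every terminated string control."""
    found = []
    for m in _STRING_CTRL.finditer(text):
        payload = m.group("payload")
        found.append((_INTRODUCERS[m.group("intro")], payload,
                      bool(_C0_OR_DEL.search(payload))))
    return found


def find_decrqss(text):
    """DECRQSS requests only: DCS sequences whose payload starts with '$q'.

    Returns (payload, suspicious). A payload holding C0 controls such as LF or
    CR is flagged: a vulnerable xterm placed such bytes into the input buffer
    when it replied, so the shell reading that tty saw a whole line to run.
    """
    return [(payload, bad) for kind, payload, bad in find_string_controls(text)
            if kind == "DCS" and payload.startswith("$q")]


def sanitize_for_terminal(text, placeholder=""):
    """Strip every string-type control sequence before untrusted text is shown.

    Terminated sequences become `placeholder`. A dangling introducer with no ST
    is removed too, since it would make the terminal swallow everything after
    it. The loop repeats until nothing changes because deleting bytes can join
    an ESC with a following 'P' into a brand-new introducer.
    """
    out = _STRING_CTRL.sub(lambda _m: placeholder, text)
    while True:
        stripped = _INTRO_RE.sub("", out)
        if stripped == out:
            return out
        out = stripped


# Constructed samples (not captured from a real attack): a legitimate DECRQSS
# asking for the current SGR state, and a web-server style log entry whose
# DECRQSS payload wraps a command name in LF characters.
BENIGN_DECRQSS = "\x1bP$qm\x1b\\"
CRAFTED_LOG_LINE = "GET /index.html 200\n\x1bP$q\nid\n\x1b\\next entry\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_DECRQSS), ("crafted", CRAFTED_LOG_LINE)):
        for payload, suspicious in find_decrqss(sample):
            print(f"{label}: DECRQSS payload {payload!r} suspicious={suspicious}")
        print(f"{label}: sanitized -> {sanitize_for_terminal(sample)!r}")
```

Feed a log file to these functions after decoding it with a lossless codec (latin-1, or errors="surrogateescape") so that the 8-bit C1 introducers survive; a UTF-8 decode with replacement would hide them. The detector is useful as a check on logs that people read with cat or tail on a terminal that has not been patched; the sanitizer is the filter to put in front of such a viewer. It deliberately drops whole DCS/OSC/APC/PM/SOS sequences rather than trying to validate them, because the vulnerable behaviour lived in the terminal's reply, not in any particular payload value. The blunt alternative for one-off inspection is cat -v, which renders every control character visibly instead of letting the terminal interpret it.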

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for hanterm-xf CESA-2009:0019-01 centos2 i386
File : nvt/gb_CESA-2009_0019-01_hanterm-xf_centos2_i386.nasl
2011-08-09 Name : CentOS Update for xterm CESA-2009:0018 centos3 i386
File : nvt/gb_CESA-2009_0018_xterm_centos3_i386.nasl
2011-08-09 Name : CentOS Update for xterm-192-8.el4 CESA-2009:0018 centos4 i386
File : nvt/gb_CESA-2009_0018_xterm-192-8.el4__centos4_i386.nasl
2011-08-09 Name : CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386
File : nvt/gb_CESA-2009_0018_xterm-215-5.el5__centos5_i386.nasl
2010-05-12 Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for xterm
File : nvt/sles10_xterm.nasl
2009-10-10 Name : SLES9: Security update for XFree86
File : nvt/sles9p5041641.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-05 Name : Ubuntu USN-698-3 (nagios2)
File : nvt/ubuntu_698_3.nasl
2009-02-13 Name : Gentoo Security Advisory GLSA 200902-04 (xterm)
File : nvt/glsa_200902_04.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0019-01 (hanterm-xf)
File : nvt/ovcesa2009_0019_01.nasl
2009-02-02 Name : SuSE Security Summary SUSE-SR:2009:003
File : nvt/suse_sr_2009_003.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:002
File : nvt/suse_sr_2009_002.nasl
2009-01-13 Name : Mandrake Security Advisory MDVSA-2009:005 (xterm)
File : nvt/mdksa_2009_005.nasl
2009-01-13 Name : CentOS Security Advisory CESA-2009:0018 (xterm)
File : nvt/ovcesa2009_0018.nasl
2009-01-07 Name : FreeBSD Ports: xterm
File : nvt/freebsd_xterm.nasl
2009-01-07 Name : Fedora Core 8 FEDORA-2009-0154 (xterm)
File : nvt/fcore_2009_0154.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2009:0018
File : nvt/RHSA_2009_0018.nasl
2009-01-07 Name : Fedora Core 10 FEDORA-2009-0091 (xterm)
File : nvt/fcore_2009_0091.nasl
2009-01-07 Name : Fedora Core 9 FEDORA-2009-0059 (xterm)
File : nvt/fcore_2009_0059.nasl
2009-01-07 Name : Debian Security Advisory DSA 1694-2 (xterm)
File : nvt/deb_1694_2.nasl
2009-01-07 Name : Debian Security Advisory DSA 1694-1 (xterm)
File : nvt/deb_1694_1.nasl
2009-01-07 Name : Ubuntu USN-702-1 (samba)
File : nvt/ubuntu_702_1.nasl
2009-01-07 Name : Ubuntu USN-703-1 (xterm)
File : nvt/ubuntu_703_1.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2009:0019
File : nvt/RHSA_2009_0019.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-069-03 xterm
File : nvt/esoft_slk_ssa_2009_069_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
51142 xterm DECRQSS Escape Sequence LF Character Handling CRLF Injection

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090107_xterm_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xterm-5898.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12344.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_xterm-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_xterm-090108.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-703-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2009-005.nasl - Type : ACT_GATHER_INFO
2009-03-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-069-03.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200902-04.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0154.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Fedora host is missing a security update.
File : fedora_2009-0059.nasl - Type : ACT_GATHER_INFO
2009-01-14 Name : The remote openSUSE host is missing a security update.
File : suse_xterm-5902.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0019.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0018.nasl - Type : ACT_GATHER_INFO
2009-01-06 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_d5e1aac8db0b11ddae30001cc0377035.nasl - Type : ACT_GATHER_INFO
2009-01-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1694.nasl - Type : ACT_GATHER_INFO