Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 May 2012 11:39:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Behdad Esfahbod <behdad@...dad.org>
Subject: Re: CVE Request -- mosh (and probably vte too): mosh
 server DoS (long loop) due improper parsing of terminal parameters in terminal
 dispatcher

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/22/2012 07:53 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
>   based on:
>   [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871
>   [2] https://github.com/keithw/mosh/issues/271
> 
> A) Mosh issue:
> ==============
> A denial of service flaw was found in the way mosh, a remote terminal
> application, performed processing of parameters that have been passed to
> the terminal in the terminal dispatcher class (previously there was no
> limit for the count of parameters, which were allowed to be passed to
> the dispatcher). A remote atttacker could use this flaw to cause a
> denial of service (mosh server to enter long for loop when trying to
> process the paramaters) via specially-crafted escape sequence string.
> 
> Upstream ticket:
> [3] https://github.com/keithw/mosh/issues/271
> 
> Relevant upstream patch:
> [4]
> https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
> 
> 
> References:
> [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871
> [6] https://bugzilla.redhat.com/show_bug.cgi?id=823943
> 
> Could you allocate a CVE id for this? (issue confirmed by mosh upstream)

Please use CVE-2012-2385 for this issue.

> B) vte issue:
> =============
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
> 
> there is similar issue in vte too (Gnome bug private for now):
> https://bugzilla.gnome.org/show_bug.cgi?id=676090
> 
> Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans
> regarding this report in vte and if the CVE id has been already assigned
> for
> it.

Will wait for confirmation.

> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPu89rAAoJEBYNRVNeJnmTLrAP/3q6tRebtqt9w4Dqgtku62ib
eCKs+EYrgAKmThklXgxbXcHEgT71mAkaX1M9qbQSjodhqeFlvOOodkQ0/sjOd+6q
YaZfsiLT43bC4ky35nW/ddhv+l3xuAte3gvnN947PvCGe6wOU/rBZ3KDEjCJDevf
Ob93NfBAqKC5pw+9Sw1CQHHK/kQMY2BL9gqcFriISqhVYYZRCw0/wFnQOdINNq+4
U2nxMfx9NkobOhDKSYZ0s8QHumcYJY0cVIS8mHDRYf0BHV4y+wSCZTASQnrDOXv4
qxWVgLVb3aFCxTL3oExpKgKqS+YCh4TrE9+4zaLqG/Yn7MDjWmrvqskTznzlQx5T
AbyIbPwXkIy+uhhP7n9Wm7eAUgSq47ZqpQb51Vi4dY2rioudIq8dmH3Fi7pa+EHE
yCHjOf/YtkYYHVykP5LeT5b5WkmLCjR9VxkKkSsxXwT3hfZf+TQP7k3Q1D3IIhqz
tJSoUWx8ydEapj94GwTSP8MDVohZsPtnQICZKIbzWO4Yem4NkL7Gibdcqz+/l0HS
jja1VsoVMKp3GshM+9hTes0Kil/zpyxuW419cQk6rqS0bbbackSVAnkudGt4GyH7
awYBkhmUjfL0YXiZx/wHE9zLrb1v7J8Beujnaq6XoBzFyklBm+Xp8IISdOKyHgHm
NXSsanFLjGm0ogF3+cYQ
=Ws5Q
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ