Date: Mon, 7 Nov 2016 01:25:23 -0500
From: <cve-assign@...re.org>
To: <nicolas@...ud-santoni.eu>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@...ian.org>, <ross@...listi.us>
Subject: Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7

> Terminology 0.7.0 suffers from a bug similar to CVE-2003-0063, where an
> attacker able to print character escape sequences can modify the window
> title and then insert it back in the terminal's input buffer, resulting
> in arbitrary terminal input, including code execution as a local user.

> https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
>> src/bin/termptyesc.c

Use CVE-2015-8971.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
