Date: Tue, 22 May 2012 11:39:55 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Behdad Esfahbod <behdad@...dad.org>
Subject: Re: CVE Request -- mosh (and probably vte too): mosh
 server DoS (long loop) due improper parsing of terminal parameters in terminal
 dispatcher


On 05/22/2012 07:53 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
>   based on:
>   [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871
>   [2] https://github.com/keithw/mosh/issues/271
> 
> A) Mosh issue:
> ==============
> A denial of service flaw was found in the way mosh, a remote terminal
> application, performed processing of parameters that have been passed to
> the terminal in the terminal dispatcher class (previously there was no
> limit for the count of parameters, which were allowed to be passed to
> the dispatcher). A remote attacker could use this flaw to cause a
> denial of service (mosh server to enter long for loop when trying to
> process the parameters) via specially-crafted escape sequence string.
> 
> Upstream ticket:
> [3] https://github.com/keithw/mosh/issues/271
> 
> Relevant upstream patch:
> [4]
> https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
> 
> 
> References:
> [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871
> [6] https://bugzilla.redhat.com/show_bug.cgi?id=823943
> 
> Could you allocate a CVE id for this? (issue confirmed by mosh upstream)

Please use CVE-2012-2385 for this issue.

> B) vte issue:
> =============
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
> 
> there is similar issue in vte too (Gnome bug private for now):
> https://bugzilla.gnome.org/show_bug.cgi?id=676090
> 
> Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans
> regarding this report in vte and if the CVE id has been already assigned
> for it.

Will wait for confirmation.

> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
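
The kind of bound the quoted report describes (a limit on how many parameters the terminal dispatcher accepts), shown as an added C++ example that is not part of the original message and is not mosh or vte code. It goes one step further by also capping each value and clamping a repeat count before it drives a loop; the function names and limit values are hypothetical.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical limits chosen for illustration; not the values used by mosh or vte.
constexpr std::size_t kMaxParams = 16;       // parameters kept per sequence
constexpr int kMaxParamValue = 9999;         // ceiling for one numeric parameter
constexpr std::size_t kMaxParamBytes = 256;  // parameter bytes examined

struct ParsedParams {
    std::vector<int> values;  // -1 means "omitted, use the command's default"
    bool truncated = false;   // set when a limit was hit or a byte was ignored
};

// Parse the parameter bytes of a control sequence, e.g. "12;5" (no introducer, no final byte).
ParsedParams parse_csi_params(const std::string& raw) {
    ParsedParams out;
    std::size_t n = raw.size();
    if (n > kMaxParamBytes) { n = kMaxParamBytes; out.truncated = true; }
    int cur = -1;
    for (std::size_t i = 0; i <= n; ++i) {
        if (i == n || raw[i] == ';') {
            if (out.values.size() >= kMaxParams) { out.truncated = true; break; }
            out.values.push_back(cur);
            cur = -1;
        } else if (raw[i] >= '0' && raw[i] <= '9') {
            if (cur < 0) cur = 0;
            cur = cur * 10 + (raw[i] - '0');  // cannot overflow: cur <= kMaxParamValue here
            if (cur > kMaxParamValue) { cur = kMaxParamValue; out.truncated = true; }
        } else {
            out.truncated = true;  // unexpected byte: ignore it, but record that we did
        }
    }
    return out;
}

// Bound a repeat count by the screen dimension before any loop uses it.
int clamp_repeat(int param, int screen_limit) {
    if (param < 1) return 1;  // omitted or zero means "once"
    return param > screen_limit ? screen_limit : param;
}

int main() {
    ParsedParams p = parse_csi_params(std::string(40, '9'));  // constructed oversized value
    std::cout << p.values[0] << " " << p.truncated << " " << clamp_repeat(p.values[0], 24) << "\n";
    return 0;
}
```

With these bounds the work per sequence is fixed by the constants and the screen size rather than by the sender's input.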

