Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 May 2012 21:48:42 -0400
From: Behdad Esfahbod <behdad@...dad.org>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>, 
 "Steven M. Christey" <coley@...us.mitre.org>,
 Christian Persch <chpe@...me.org>
Subject: Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long
 loop) due improper parsing of terminal parameters in terminal dispatcher

[+chpe]

On 05/22/2012 09:53 AM, Jan Lieskovsky wrote:

> B) vte issue:
> =============
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
> 
> there is similar issue in vte too (Gnome bug private for now):
> https://bugzilla.gnome.org/show_bug.cgi?id=676090
> 
> Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans
> regarding this report in vte and if the CVE id has been already assigned for
> it.

Christian Persch, CC'ed, has already produced two patches to address these issues:

  * Limit all parsed integers in escape sequences to 65535.  This is in line
with the mosh change,

  * In the specific sequences mentioned in the original report, limit to
screen metrics (columns, rows, etc) the same way that xterm does this.

The patches have not been committed yet from what I can see.  If there's a
coordinated embargo release date being set for this, we can respect that I
believe.

behdad

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.