漏洞信息详情
Eterm Screen Dump 转义序列本地文件损坏漏洞
- CNNVD编号:CNNVD-200303-023
- 危害等级: 低危
- CVE编号: CVE-2003-0021
- 漏洞类型: 设计错误
- 发布时间: 2003-03-03
- 威胁类型: 远程
- 更新时间: 2005-10-12
- 厂 商: michael_jennings
- 漏洞来源: Discovery of these...
漏洞简介
Eterm 0.9.1及其更早版本的“screen dump”功能存在漏洞。攻击者可以借助用户批处理某个字符转义序列时覆盖任意文件,例如在用户浏览包含恶意序列的文件时。
漏洞公告
Gentoo Linux has released an advisory. Users who have installed x11-terms/eterm are advised to upgrade to eterm-0.9.2-r3 by issuing the following commands: emerge sync emerge -u eterm emerge clean This issue has been addressed in Eterm 0.9.2. Users are advised to upgrade. Michael Jennings Eterm 0.8.10
- Michael Jennings Eterm 0.9.2 http://www.eterm.org/download/
- MandrakeSoft Eterm-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft Eterm-devel-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft libast1-0.5-1.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft libast1-devel-0.5-1.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
- Michael Jennings Eterm 0.9.2 http://www.eterm.org/download/
参考网址
来源: XF 名称: terminal-emulator-screen-dump(11413) 链接:http://www.iss.net/security_center/static/11413.php 来源: VULNWATCH 名称: 20030224 Terminal Emulator Security Issues 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.HTML 来源: BID 名称: 6936 链接:http://www.securityfocus.com/bid/6936 来源: MANDRAKE 名称: MDKSA-2003:040 链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040 来源: BUGTRAQ 名称: 20030224 Terminal Emulator Security Issues 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
受影响实体
- Michael_jennings Eterm:0.9.1
- Michael_jennings Eterm:0.8.10
补丁
暂无
评论