Invisible-Island xterm DECRQSS Request Remote Command Execution Vulnerability

admin 2022-07-14 15:41:57 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability details

  • CNNVD ID: CNNVD-200901-004
  • Severity: Medium
  • CVE ID: CVE-2008-2383
  • Vulnerability type: Code injection
  • Published: 2008-12-28
  • Threat type: Remote
  • Updated: 2009-05-16
  • Vendor: invisible-island
  • Vulnerability source: Paul Szabo psz@ma...

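Vulnerability summary

xterm is the terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly.

xterm does not correctly handle the DECRQSS Device Control Request Status String escape sequence. If a user displays a malicious text file containing a specially crafted escape sequence in xterm with the more command, arbitrary shell commands are injected and executed.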
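A defensive check for the scenario described above, as an added example that is not part of the original advisory or of xterm: it scans file content for 7-bit DECRQSS requests (ESC P $ q ... ESC \) before the file is shown in a terminal, and rewrites ESC as printable text. The function names and sample bytes are constructed for illustration, and the 8-bit C1 form of the introducer is not handled.

```python
import re
from typing import NamedTuple

# 7-bit DCS introducer (ESC P) + DECRQSS marker "$q", then the request body
# up to the string terminator ST (ESC \) or, if ST is missing, end of input.
DECRQSS_RE = re.compile(rb"\x1bP\$q(.*?)(\x1b\\|\Z)", re.DOTALL)


class Finding(NamedTuple):
    offset: int        # byte offset of the ESC that starts the sequence
    body: bytes        # request body between "$q" and the terminator
    terminated: bool   # False when the input ends before ST


def find_decrqss(data: bytes) -> list[Finding]:
    """Locate every DECRQSS request embedded in data."""
    return [Finding(m.start(), m.group(1), m.group(2) != b"")
            for m in DECRQSS_RE.finditer(data)]


def neutralize(data: bytes) -> bytes:
    """Replace each ESC byte with the printable text '^[' so a terminal shows
    the sequence as text instead of interpreting it."""
    return data.replace(b"\x1b", b"^[")


# Constructed sample: ordinary text with one short, harmless status request
# and a second request that is never terminated.
SAMPLE = b"line one\n\x1bP$qm\x1b\\line two\n\x1bP$qr"

if __name__ == "__main__":
    for f in find_decrqss(SAMPLE):
        print(f"offset {f.offset}: body={f.body!r} terminated={f.terminated}")
    print(neutralize(SAMPLE))
```

Run the check on untrusted files before paging them, and display only the neutralized bytes when any finding is reported.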

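Vulnerability announcement

The vendor has released an upgrade patch that fixes this security issue. The patch is available from the following links: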

http://www.debian.org/security/2009/dsa-1694

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=misc.c.patch;att=1;bug=510030

References

Source: FEDORA
Name: FEDORA-2009-0154
Link: https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.HTML

Source: FEDORA
Name: FEDORA-2009-0059
Link: https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.HTML

Source: XF
Name: xterm-decrqss-code-execution(47655)
Link: http://xforce.iss.net/xforce/xfdb/47655

Source: VUPEN
Name: ADV-2009-1297
Link: http://www.vupen.com/english/advisories/2009/1297

Source: UBUNTU
Name: USN-703-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-703-1

Source: BID
Name: 33060
Link: http://www.securityfocus.com/bid/33060

Source: REDHAT
Name: RHSA-2009:0018
Link: http://www.redhat.com/support/errata/RHSA-2009-0018.HTML

Source: DEBIAN
Name: DSA-1694
Link: http://www.debian.org/security/2009/dsa-1694

Source: support.Apple.com
Link: http://support.Apple.com/kb/HT3549

Source: SUNALERT
Name: 254208
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1

Source: SECUNIA
Name: 35074
Link: http://secunia.com/advisories/35074

Source: SECUNIA
Name: 33820
Link: http://secunia.com/advisories/33820

Source: SECUNIA
Name: 33568
Link: http://secunia.com/advisories/33568

Source: SECUNIA
Name: 33419
Link: http://secunia.com/advisories/33419

Source: SECUNIA
Name: 33418
Link: http://secunia.com/advisories/33418

Source: SECUNIA
Name: 33397
Link: http://secunia.com/advisories/33397

Source: SECUNIA
Name: 33388
Link: http://secunia.com/advisories/33388

Source: SECUNIA
Name: 33318
Link: http://secunia.com/advisories/33318

Source: SUSE
Name: SUSE-SR:2009:003
Link: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.HTML

Source: SUSE
Name: SUSE-SR:2009:002
Link: http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.HTML

Source: Apple
Name: Apple-SA-2009-05-12
Link: http://lists.Apple.com/archives/security-announce/2009/May/msg00002.HTML

Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Affected entities

  • Invisible-Island Xterm:_nil_

Patches

    None available
