漏洞信息详情

Eterm Screen Dump 转义序列本地文件损坏漏洞

• CNNVD编号：CNNVD-200303-023
• 危害等级： 低危
  
• CVE编号： CVE-2003-0021
• 漏洞类型： 设计错误
• 发布时间： 2003-03-03
• 威胁类型： 远程
• 更新时间： 2005-10-12
• 厂        商： michael_jennings
• 漏洞来源： Discovery of these...

漏洞简介

Eterm 0.9.1及其更早版本的“screen dump”功能存在漏洞。攻击者可以借助用户批处理某个字符转义序列时覆盖任意文件，例如在用户浏览包含恶意序列的文件时。

漏洞公告

Gentoo Linux has released an advisory. Users who have installed x11-terms/eterm are advised to upgrade to eterm-0.9.2-r3 by issuing the following commands: emerge sync emerge -u eterm emerge clean This issue has been addressed in Eterm 0.9.2. Users are advised to upgrade. Michael Jennings Eterm 0.8.10

• Michael Jennings Eterm 0.9.2 http://www.eterm.org/download/

• MandrakeSoft Eterm-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft Eterm-devel-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft libast1-0.5-1.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft libast1-devel-0.5-1.1mdk.i586.rpmMandrake Linux 9.0 http://www.mandrakesecure.net/en/ftp.php
• Michael Jennings Eterm 0.9.2 http://www.eterm.org/download/

参考网址

来源: XF 名称: terminal-emulator-screen-dump(11413) 链接:http://www.iss.net/security_center/static/11413.php 来源: VULNWATCH 名称: 20030224 Terminal Emulator Security Issues 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.HTML 来源: BID 名称: 6936 链接:http://www.securityfocus.com/bid/6936 来源: MANDRAKE 名称: MDKSA-2003:040 链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040 来源: BUGTRAQ 名称: 20030224 Terminal Emulator Security Issues 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

受影响实体

• Michael_jennings Eterm:0.9.1  
• Michael_jennings Eterm:0.8.10  

补丁

暂无