ID CESA-2009:0018 Type centos Reporter CentOS Project Modified 2009-02-05T15:30:50
Description
CentOS Errata and Security Advisory CESA-2009:0018
The xterm program is a terminal emulator for the X Window System.
A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)
All xterm users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. All running instances of
xterm must be restarted for the update to take effect.
{"cve": [{"lastseen": "2019-05-29T18:09:26", "bulletinFamily": "NVD", "description": "CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \\n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.", "modified": "2018-10-03T21:54:00", "id": "CVE-2008-2383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2383", "published": "2009-01-02T18:11:00", "title": "CVE-2008-2383", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:45", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1694-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 02, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xterm\nVulnerability : design flaw\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-2383\nDebian Bug : 510030\n\nPaul Szabo discovered that xterm, a terminal emulator for the X Window\nSystem, places arbitrary characters into the input buffer when\ndisplaying certain crafted escape sequences (CVE-2008-2383).\n\nAs an additional precaution, this security update also disables font\nchanging, user-defined keys, and X property changes through escape\nsequences.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 222-1etch3.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your xterm package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.dsc\n Size/MD5 checksum: 1123 3bcc850fe7c9057e5d5d03617cc95195\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.diff.gz\n Size/MD5 checksum: 61664 f1e11e4f4c85db1e2ffa67c5d132d2e6\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222.orig.tar.gz\n Size/MD5 checksum: 802986 bb77882a33083632a9c6c9de004a54fb\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_alpha.deb\n Size/MD5 checksum: 437394 2a16b16a6ed79a908987769b9b5a68d8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_amd64.deb\n Size/MD5 checksum: 416434 46ba9b4430c313464afeaa856d02f09a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_arm.deb\n Size/MD5 checksum: 412020 9119d878ffedf54c843ec84a98022a3d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_hppa.deb\n Size/MD5 checksum: 421890 9b3326921fbbd0ba014b3717b20c53fb\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_i386.deb\n Size/MD5 checksum: 403908 f54263828a01af2af86f25c1fedc7aa6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_ia64.deb\n Size/MD5 checksum: 509374 052861cf2a23d7a414c038d510fc7f01\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mips.deb\n Size/MD5 checksum: 428858 63615939a4de2f4e3ba0cc61adbf0e47\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mipsel.deb\n Size/MD5 checksum: 425604 9d18da53eea366eb2688dfe629d95e82\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_powerpc.deb\n Size/MD5 checksum: 409986 824e743d4a6a1abeb5c1fdc0a9e7d006\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_s390.deb\n Size/MD5 checksum: 422196 9b78491ef8fb34da8d5e183e91fc6c65\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_sparc.deb\n Size/MD5 checksum: 409994 e284b9163d0da06f932f8e243ccaee2b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-01-02T19:08:09", "published": "2009-01-02T19:08:09", "id": "DEBIAN:DSA-1694-1:9F9A5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00000.html", "title": "[SECURITY] [DSA 1694-1] New xterm packages fix remote code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:23:11", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1694-2 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 06, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xterm\nVulnerability : design flaw\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2008-2383\nDebian Bug : 510030\n\nThe xterm update in DSA-1694-1 disabled font changing as a precaution.\nHowever, users reported that they need this feature. The update in this\nDSA makes font shifting through escape sequences configurable, using a\nnew allowFontOps X resource, and unconditionally enables font changing\nthrough keyboard sequences.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 222-1etch4.\n\nFor the testing distribution (lenny), this problem has been fixed in\nversion 235-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 238-2.\n\nWe recommend that you upgrade your xterm package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222.orig.tar.gz\n Size/MD5 checksum: 802986 bb77882a33083632a9c6c9de004a54fb\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4.diff.gz\n Size/MD5 checksum: 62608 acdbe0c106d90113e928b74c0fadd671\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4.dsc\n Size/MD5 checksum: 1123 28cd750577ddd92fe4806385758a4f4a\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_alpha.deb\n Size/MD5 checksum: 438792 83ff3b4478eb19fb1924a492d461da15\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_amd64.deb\n Size/MD5 checksum: 417496 b2a1d139d6dec04ed090a931b7cac542\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_hppa.deb\n Size/MD5 checksum: 423078 4edd0ffec0c3c0f0fb94c17675dc3998\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_i386.deb\n Size/MD5 checksum: 406764 b22526bdba3a5013a7e218c64497efe4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_ia64.deb\n Size/MD5 checksum: 510656 708c1978c6cb406a39d7506a490df2a3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_mips.deb\n Size/MD5 checksum: 429132 86547da89a11b4d9ef734a5586f38e90\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_mipsel.deb\n Size/MD5 checksum: 426508 3a875826919674e5833ec9687b922e03\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_powerpc.deb\n Size/MD5 checksum: 410788 51f94ca70632508db0a7e02b52ce7d3e\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_s390.deb\n Size/MD5 checksum: 423080 a73fa4e7aadaa0195772fee4791be0d2\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch4_sparc.deb\n Size/MD5 checksum: 411298 bc504d1dec3695fb614563c7e8f629bb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-01-06T11:40:57", "published": "2009-01-06T11:40:57", "id": "DEBIAN:DSA-1694-2:82287", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00002.html", "title": "[SECURITY] [DSA 1694-2] New xterm packages fix regression", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:23", "bulletinFamily": "unix", "description": "Hanterm is a replacement for xterm, a X Window System terminal emulator,\nthat supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside a Hanterm window. (CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nhanterm must be restarted for the update to take effect.", "modified": "2018-03-14T19:27:48", "published": "2009-01-07T05:00:00", "id": "RHSA-2009:0019", "href": "https://access.redhat.com/errata/RHSA-2009:0019", "type": "redhat", "title": "(RHSA-2009:0019) Important: hanterm-xf security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:57", "bulletinFamily": "unix", "description": "The xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside an xterm window. (CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nxterm must be restarted for the update to take effect.", "modified": "2017-09-08T12:19:11", "published": "2009-01-07T05:00:00", "id": "RHSA-2009:0018", "href": "https://access.redhat.com/errata/RHSA-2009:0018", "type": "redhat", "title": "(RHSA-2009:0018) Important: xterm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:55:36", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0019.\n\nHanterm is a replacement for xterm, a X Window System terminal emulator,\nthat supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside a Hanterm window. (CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nhanterm must be restarted for the update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63115", "id": "OPENVAS:63115", "title": "RedHat Security Advisory RHSA-2009:0019", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0019.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0019 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0019.\n\nHanterm is a replacement for xterm, a X Window System terminal emulator,\nthat supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside a Hanterm window. (CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nhanterm must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63115);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0019\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0019.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"hanterm-xf\", rpm:\"hanterm-xf~2.0.5~5.AS21.2\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:09", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xterm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65947", "id": "OPENVAS:65947", "title": "SLES10: Security update for xterm", "type": "openvas", "sourceData": "#\n#VID slesp2-xterm-5898\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xterm\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xterm\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65947);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for xterm\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~208~14.6\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:05", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86\n XFree86-server\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041641 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065070", "id": "OPENVAS:136141256231065070", "title": "SLES9: Security update for XFree86", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5041641.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for XFree86\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n XFree86\n XFree86-server\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5041641 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65070\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for XFree86\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"XFree86\", rpm:\"XFree86~4.3.99.902~43.98\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-069-03.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63559", "id": "OPENVAS:63559", "title": "Slackware Advisory SSA:2009-069-03 xterm", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_069_03.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xterm packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-069-03.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-069-03\";\n \nif(description)\n{\n script_id(63559);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-069-03 xterm \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880825", "title": "CentOS Update for xterm CESA-2009:0018 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xterm CESA-2009:0018 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-January/015520.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880825\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0018\");\n script_cve_id(\"CVE-2008-2383\");\n script_name(\"CentOS Update for xterm CESA-2009:0018 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xterm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"xterm on CentOS 3\");\n script_tag(name:\"insight\", value:\"The xterm program is a terminal emulator for the X Window System.\n\n A flaw was found in the xterm handling of Device Control Request Status\n String (DECRQSS) escape sequences. An attacker could create a malicious\n text file (or log entry, if unfiltered) that could run arbitrary commands\n if read by a victim inside an xterm window. (CVE-2008-2383)\n\n All xterm users are advised to upgrade to the updated package, which\n contains a backported patch to resolve this issue. All running instances of\n xterm must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~179~11.EL3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:11", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0018.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside an xterm window. (CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nxterm must be restarted for the update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063111", "id": "OPENVAS:136141256231063111", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0018.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0018 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0018.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside an xterm window. (CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nxterm must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63111\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0018\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0018.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~179~11.EL3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~179~11.EL3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~192~8.el4_7.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~192~8.el4_7.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~215~5.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xterm-debuginfo\", rpm:\"xterm-debuginfo~215~5.el5_2.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880736", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880736", "title": "CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xterm-215-5.el5_ CESA-2009:0018 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-January/015526.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880736\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:0018\");\n script_cve_id(\"CVE-2008-2383\");\n script_name(\"CentOS Update for xterm-215-5.el5 CESA-2009:0018 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xterm-215-5.el5_'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"xterm-215-5.el5_ on CentOS 5\");\n script_tag(name:\"insight\", value:\"The xterm program is a terminal emulator for the X Window System.\n\n A flaw was found in the xterm handling of Device Control Request Status\n String (DECRQSS) escape sequences. An attacker could create a malicious\n text file (or log entry, if unfiltered) that could run arbitrary commands\n if read by a victim inside an xterm window. (CVE-2008-2383)\n\n All xterm users are advised to upgrade to the updated package, which\n contains a backported patch to resolve this issue. All running instances of\n xterm must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xterm\", rpm:\"xterm~215~5.el5_2.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-069-03.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231063559", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063559", "title": "Slackware Advisory SSA:2009-069-03 xterm", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_069_03.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63559\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-069-03 xterm\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-069-03\");\n\n script_tag(name:\"insight\", value:\"New xterm packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-069-03.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xterm\", ver:\"241-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xterm\nannounced via advisory DSA 1694-1.", "modified": "2017-07-07T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63098", "id": "OPENVAS:63098", "title": "Debian Security Advisory DSA 1694-1 (xterm)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1694_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1694-1 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul Szabo discovered that xterm, a terminal emulator for the X Window\nSystem, places arbitrary characters into the input buffer when\ndisplaying certain crafted escape sequences (CVE-2008-2383).\n\nAs an additional precaution, this security update also disables font\nchanging, user-defined keys, and X property changes through escape\nsequences.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 222-1etch3.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your xterm package.\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory DSA 1694-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201694-1\";\n\n\nif(description)\n{\n script_id(63098);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1694-1 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xterm\", ver:\"222-1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to xterm\nannounced via advisory DSA 1694-1.", "modified": "2018-04-06T00:00:00", "published": "2009-01-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063098", "id": "OPENVAS:136141256231063098", "title": "Debian Security Advisory DSA 1694-1 (xterm)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1694_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1694-1 (xterm)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul Szabo discovered that xterm, a terminal emulator for the X Window\nSystem, places arbitrary characters into the input buffer when\ndisplaying certain crafted escape sequences (CVE-2008-2383).\n\nAs an additional precaution, this security update also disables font\nchanging, user-defined keys, and X property changes through escape\nsequences.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 222-1etch3.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your xterm package.\";\ntag_summary = \"The remote host is missing an update to xterm\nannounced via advisory DSA 1694-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201694-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63098\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-07 23:16:01 +0100 (Wed, 07 Jan 2009)\");\n script_cve_id(\"CVE-2008-2383\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1694-1 (xterm)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xterm\", ver:\"222-1etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:24:50", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0019-01\n\n\nHanterm is a replacement for xterm, a X Window System terminal emulator,\nthat supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request Status\nString (DECRQSS) escape sequences. An attacker could create a malicious\ntext file (or log entry, if unfiltered) that could run arbitrary commands\nif read by a victim inside a Hanterm window. (CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running instances of\nhanterm must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027610.html\n\n**Affected packages:**\nhanterm-xf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2009-02-02T23:25:09", "published": "2009-02-02T23:25:09", "href": "http://lists.centos.org/pipermail/centos-announce/2009-February/027610.html", "id": "CESA-2009:0019-01", "title": "hanterm security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-01-01T01:37:08", "bulletinFamily": "scanner", "description": "A flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)", "modified": "2020-01-02T00:00:00", "id": "SL_20090107_XTERM_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60516", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : xterm on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60516);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2008-2383\");\n\n script_name(english:\"Scientific Linux Security Update : xterm on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0901&L=scientific-linux-errata&T=0&P=328\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?444e914b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"xterm-179-11.EL3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"xterm-192-8.el4_7.2\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"xterm-215-5.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T00:17:59", "bulletinFamily": "scanner", "description": "A vulnerability has been discovered in xterm, which can be exploited\nby malicious people to compromise a user", "modified": "2020-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-005.NASL", "href": "https://www.tenable.com/plugins/nessus/36977", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : xterm (MDVSA-2009:005)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:005. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36977);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:51\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_xref(name:\"MDVSA\", value:\"2009:005\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xterm (MDVSA-2009:005)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered in xterm, which can be exploited\nby malicious people to compromise a user's system. The vulnerability\nis caused due to xterm not properly processing the DECRQSS Device\nControl Request Status String escape sequence. This can be exploited\nto inject and execute arbitrary shell commands by e.g. tricking a user\ninto displaying a malicious text file containing a specially crafted\nescape sequence via the more command in xterm (CVE-2008-2383).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xterm-229-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"xterm-232-1.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"xterm-236-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:44:37", "bulletinFamily": "scanner", "description": "XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)", "modified": "2020-01-02T00:00:00", "id": "SUSE_11_0_XTERM-090108.NASL", "href": "https://www.tenable.com/plugins/nessus/40160", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : xterm (xterm-405)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xterm-405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40160);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2008-2383\");\n\n script_name(english:\"openSUSE Security Update : xterm (xterm-405)\");\n script_summary(english:\"Check for the xterm-405 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=462917\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"xterm-235-12.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:44:46", "bulletinFamily": "scanner", "description": "XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)", "modified": "2020-01-02T00:00:00", "id": "SUSE_11_1_XTERM-090108.NASL", "href": "https://www.tenable.com/plugins/nessus/40327", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : xterm (xterm-405)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xterm-405.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40327);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2008-2383\");\n\n script_name(english:\"openSUSE Security Update : xterm (xterm-405)\");\n script_summary(english:\"Check for the xterm-405 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=462917\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"xterm-236-1.50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:13:20", "bulletinFamily": "scanner", "description": "An updated hanterm-xf package to correct a security issue is now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nHanterm is a replacement for xterm, a X Window System terminal\nemulator, that supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside a Hanterm window.\n(CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package,\nwhich contains a backported patch to resolve this issue. All running\ninstances of hanterm must be restarted for the update to take effect.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2009-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/35319", "published": "2009-01-08T00:00:00", "title": "RHEL 2.1 : hanterm-xf (RHSA-2009:0019)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0019. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35319);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_xref(name:\"RHSA\", value:\"2009:0019\");\n\n script_name(english:\"RHEL 2.1 : hanterm-xf (RHSA-2009:0019)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated hanterm-xf package to correct a security issue is now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nHanterm is a replacement for xterm, a X Window System terminal\nemulator, that supports Hangul input and output.\n\nA flaw was found in the Hanterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside a Hanterm window.\n(CVE-2008-2383)\n\nAll hanterm-xf users are advised to upgrade to the updated package,\nwhich contains a backported patch to resolve this issue. All running\ninstances of hanterm must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0019\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hanterm-xf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hanterm-xf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0019\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"hanterm-xf-2.0.5-5.AS21.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hanterm-xf\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T01:13:20", "bulletinFamily": "scanner", "description": "An updated xterm package to correct a security issue is now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running\ninstances of xterm must be restarted for the update to take effect.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2009-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/35302", "published": "2009-01-07T00:00:00", "title": "RHEL 3 / 4 / 5 : xterm (RHSA-2009:0018)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0018. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35302);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_xref(name:\"RHSA\", value:\"2009:0018\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : xterm (RHSA-2009:0018)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xterm package to correct a security issue is now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running\ninstances of xterm must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"xterm-179-11.EL3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"xterm-192-8.el4_7.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xterm-215-5.el5_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xterm-215-5.el5_2.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xterm-215-5.el5_2.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T07:47:55", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200902-04\n(xterm: User-assisted arbitrary commands execution)\n\n Paul Szabo reported an insufficient input sanitization when processing\n Device Control Request Status String (DECRQSS) sequences.\n \nImpact :\n\n A remote attacker could entice a user to display a file containing\n specially crafted DECRQSS sequences, possibly resulting in the remote\n execution of arbitrary commands with the privileges of the user viewing\n the file.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-01-02T00:00:00", "id": "GENTOO_GLSA-200902-04.NASL", "href": "https://www.tenable.com/plugins/nessus/35675", "published": "2009-02-13T00:00:00", "title": "GLSA-200902-04 : xterm: User-assisted arbitrary commands execution", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200902-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35675);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:45\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_xref(name:\"GLSA\", value:\"200902-04\");\n\n script_name(english:\"GLSA-200902-04 : xterm: User-assisted arbitrary commands execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200902-04\n(xterm: User-assisted arbitrary commands execution)\n\n Paul Szabo reported an insufficient input sanitization when processing\n Device Control Request Status String (DECRQSS) sequences.\n \nImpact :\n\n A remote attacker could entice a user to display a file containing\n specially crafted DECRQSS sequences, possibly resulting in the remote\n execution of arbitrary commands with the privileges of the user viewing\n the file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200902-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All xterm users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-terms/xterm-239'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-terms/xterm\", unaffected:make_list(\"ge 239\"), vulnerable:make_list(\"lt 239\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T02:11:12", "bulletinFamily": "scanner", "description": "XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)", "modified": "2020-01-02T00:00:00", "id": "SUSE_XTERM-5898.NASL", "href": "https://www.tenable.com/plugins/nessus/41604", "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : xterm (ZYPP Patch Number 5898)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41604);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2008-2383\");\n\n script_name(english:\"SuSE 10 Security Update : xterm (ZYPP Patch Number 5898)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XTerm evaluated various ANSI Escape sequences so that command\nexecution was possible if an attacker could pipe raw data to an xterm.\n(CVE-2008-2383)\n\n(It is usually not recommended to display raw data on an xterm.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2383.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5898.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"xterm-208-14.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"xterm-208-14.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T06:41:53", "bulletinFamily": "scanner", "description": "An updated xterm package to correct a security issue is now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running\ninstances of xterm must be restarted for the update to take effect.", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2009-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/35312", "published": "2009-01-08T00:00:00", "title": "CentOS 3 / 4 / 5 : xterm (CESA-2009:0018)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0018 and \n# CentOS Errata and Security Advisory 2009:0018 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35312);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n script_xref(name:\"RHSA\", value:\"2009:0018\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : xterm (CESA-2009:0018)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated xterm package to correct a security issue is now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe xterm program is a terminal emulator for the X Window System.\n\nA flaw was found in the xterm handling of Device Control Request\nStatus String (DECRQSS) escape sequences. An attacker could create a\nmalicious text file (or log entry, if unfiltered) that could run\narbitrary commands if read by a victim inside an xterm window.\n(CVE-2008-2383)\n\nAll xterm users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. All running\ninstances of xterm must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015595.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a581080\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-February/015600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74809f78\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76b89994\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20b3fb2b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015526.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a050911f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015527.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70007572\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015548.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57421b16\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-January/015549.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26bb4f91\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xterm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"xterm-179-11.EL3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"xterm-192-8.el4_7.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"xterm-215-5.el5_2.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xterm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T07:46:38", "bulletinFamily": "scanner", "description": "SecurityFocus reports :\n\nThe xterm program is prone to a remote command-execution vulnerability\nbecause it fails to sufficiently validate user input.\n\nSuccessfully exploiting this issue would allow an attacker to execute\narbitrary commands on an affected computer in the context of the\naffected application.", "modified": "2020-01-02T00:00:00", "id": "FREEBSD_PKG_D5E1AAC8DB0B11DDAE30001CC0377035.NASL", "href": "https://www.tenable.com/plugins/nessus/35295", "published": "2009-01-06T00:00:00", "title": "FreeBSD : xterm -- DECRQSS remote command execution vulnerability (d5e1aac8-db0b-11dd-ae30-001cc0377035)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35295);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:40\");\n\n script_cve_id(\"CVE-2008-2383\");\n script_bugtraq_id(33060);\n\n script_name(english:\"FreeBSD : xterm -- DECRQSS remote command execution vulnerability (d5e1aac8-db0b-11dd-ae30-001cc0377035)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nThe xterm program is prone to a remote command-execution vulnerability\nbecause it fails to sufficiently validate user input.\n\nSuccessfully exploiting this issue would allow an attacker to execute\narbitrary commands on an affected computer in the context of the\naffected application.\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\"\n );\n # https://vuxml.freebsd.org/freebsd/d5e1aac8-db0b-11dd-ae30-001cc0377035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e470f812\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xterm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xterm<238\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:10", "bulletinFamily": "unix", "description": "New xterm packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/xterm-241-i486-1_slack12.2.tgz:\n Upgraded to xterm-241.\n This fixes a vulnerability where displaying a file containing\n DECRQSS (Device Control Request Status String) sequences could\n cause arbitrary commands to be executed as the user running xterm.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/xterm-241-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/xterm-241-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/xterm-241-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xterm-241-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nf9fac14482cb0799bcc9e0174eeb959e xterm-241-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n5da769ba1fe03bfc878adac06e44caaf xterm-241-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nab97395b148fa1441bf01847f37e7b56 xterm-241-i486-1_slack12.2.tgz\n\nSlackware -current package:\nbb5b9a0774ff62a7abb728b60209aa5e xterm-241-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg xterm-241-i486-1_slack12.2.tgz", "modified": "2009-03-10T10:26:52", "published": "2009-03-10T10:26:52", "id": "SSA-2009-069-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.389683", "title": "xterm", "type": "slackware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "unix", "description": "[215-5.el5_2.2]\n- Fix CVE-2008-2383", "modified": "2009-01-07T00:00:00", "published": "2009-01-07T00:00:00", "id": "ELSA-2009-0018", "href": "http://linux.oracle.com/errata/ELSA-2009-0018.html", "title": "xterm security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:19", "bulletinFamily": "unix", "description": "\nSecurityFocus reports:\n\nThe xterm program is prone to a remote command-execution\n\t vulnerability because it fails to sufficiently validate user\n\t input.\nSuccessfully exploiting this issue would allow an attacker\n\t to execute arbitrary commands on an affected computer in the\n\t context of the affected application.\n\n", "modified": "2009-01-06T00:00:00", "published": "2008-12-28T00:00:00", "id": "D5E1AAC8-DB0B-11DD-AE30-001CC0377035", "href": "https://vuxml.freebsd.org/freebsd/d5e1aac8-db0b-11dd-ae30-001cc0377035.html", "title": "xterm -- DECRQSS remote command execution vulnerability", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:02", "bulletinFamily": "unix", "description": "### Background\n\nxterm is a terminal emulator for the X Window system. \n\n### Description\n\nPaul Szabo reported an insufficient input sanitization when processing Device Control Request Status String (DECRQSS) sequences. \n\n### Impact\n\nA remote attacker could entice a user to display a file containing specially crafted DECRQSS sequences, possibly resulting in the remote execution of arbitrary commands with the privileges of the user viewing the file. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xterm users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-terms/xterm-239\"", "modified": "2009-02-12T00:00:00", "published": "2009-02-12T00:00:00", "id": "GLSA-200902-04", "href": "https://security.gentoo.org/glsa/200902-04", "type": "gentoo", "title": "xterm: User-assisted arbitrary commands execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:28", "bulletinFamily": "unix", "description": "Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)", "modified": "2009-01-06T00:00:00", "published": "2009-01-06T00:00:00", "id": "USN-703-1", "href": "https://usn.ubuntu.com/703-1/", "title": "xterm vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7\r\n\r\n * Last Modified: May 12, 2009\r\n * Article: HT3549\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security, Mac OS X 10.5\r\nSecurity Update 2009-002 / Mac OS X v10.5.7\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache web site at http://httpd.apache.org/ Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache 2.2.9's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-0456\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Web sites that allow users to control the name of a served file may be vulnerable to HTTP response injection\r\n\r\n Description: A request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a web site can substitute their own response for any web page hosted on the system. This update addresses the issue by escaping filenames in content negotiation responses.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2009-0154\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n BIND\r\n\r\n CVE-ID: CVE-2009-0025\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC\r\n\r\n Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions (DNSSEC) protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. Further information is available via the ISC web site at https://www.isc.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0144\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests\r\n\r\n Description: An implementation issue exists in CFNetwork's parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0157\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Moritz Jodeit of n.runs AG for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0145\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0155\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple heap buffer overflows exist in CoreGraphics' handling of PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.\r\n\r\n *\r\n\r\n Cscope\r\n\r\n CVE-ID: CVE-2009-0148\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Cscope's handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2009-0164\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS\r\n\r\n Description: Under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. Credit: Apple.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0150\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0149\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n enscript\r\n\r\n CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in enscript\r\n\r\n Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the gnu web site at http://www.gnu.org/software/enscript/\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0942\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0943\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of "help:" URLs. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n iChat\r\n\r\n CVE-ID: CVE-2009-0152\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: iChat AIM communications configured for SSL may downgrade to plaintext\r\n\r\n Description: iChat supports Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behavior of iChat to always attempt to use SSL, and to use less secure channels only if the "Require SSL" preference is not enabled. This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts.\r\n\r\n *\r\n\r\n International Components for Unicode\r\n\r\n CVE-ID: CVE-2009-0153\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting\r\n\r\n Description: An implementation issue exists in ICU's handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.\r\n\r\n *\r\n\r\n IPSec\r\n\r\n CVE-ID: CVE-2008-3651, CVE-2008-3652\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service\r\n\r\n Description: Multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0845\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: A null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0846, CVE-2009-0847\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in Kerberos' handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0844\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: An out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2008-1517\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An unchecked index issue exists in the kernel's handling of workqueues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.\r\n\r\n *\r\n\r\n Launch Services\r\n\r\n CVE-ID: CVE-2009-0156\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch\r\n\r\n Description: An out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n libxml\r\n\r\n CVE-ID: CVE-2008-3529\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n Net-SNMP\r\n\r\n CVE-ID: CVE-2008-4309\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote attacker may terminate the operation of the SNMP service\r\n\r\n Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0021\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled\r\n\r\n Description: The ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0159\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2008-3530\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote user may be able to cause an unexpected system shutdown\r\n\r\n Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2008-5077\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification\r\n\r\n Description: Several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.6\r\n\r\n Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0160\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickDraw's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.\r\n * QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0010\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Ruby 1.8.6\r\n\r\n Description: Multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby web site at http://www.ruby-lang.org/en/security/\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2009-0161\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Ruby programs may accept revoked certificates\r\n\r\n Description: An incomplete error check exists in Ruby's use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. This update addresses the issue through improved error checking while verifying OCSP responses.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2009-0162\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution\r\n\r\n Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.\r\n\r\n *\r\n\r\n Spotlight\r\n\r\n CVE-ID: CVE-2009-0944\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.\r\n\r\n *\r\n\r\n system_cmds\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: The "login" command always runs the default shell with normal priority\r\n\r\n Description: The "login" command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.\r\n\r\n *\r\n\r\n telnet\r\n\r\n CVE-ID: CVE-2009-0158\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2009-0945\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2006-0747, CVE-2007-2754\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.1.4\r\n\r\n Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-2383\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution\r\n\r\n Description: The xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-1382, CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.26\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html These issues do not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.3.8\r\n\r\n Description: Multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.\r\n", "modified": "2009-05-14T00:00:00", "published": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21825", "title": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
